CVE-2025-34511 Information

Description

Sitecore PowerShell Extensions an add-on to Sitecore Experience Manager (XM) and Experience Platform (XP) through version 7.0 is vulnerable to an unrestricted file upload issue. A remote authenticated attacker can upload arbitrary files to the server using crafted HTTP requests resulting in remote code execution.

Reference

https://labs.watchtowr.com/is-b-for-backdoor-pre-auth-rce-chain-in-sitecore-experience-platform/

Related CNNVD

CNNVD-202506-2091 (Published: 2025-06-17)