{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-01T07:53:40.478","vulnerabilities":[{"cve":{"id":"CVE-2025-34510","sourceIdentifier":"disclosure@vulncheck.com","published":"2025-06-17T19:15:31.557","lastModified":"2025-09-08T19:22:24.210","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Sitecore Experience Manager (XM), Experience Platform (XP), and Experience Commerce (XC) versions 9.0 through 9.3 and 10.0 through 10.4 are affected by a Zip Slip vulnerability. A remote, authenticated attacker can exploit this issue by sending a crafted HTTP request to upload a ZIP archive containing path traversal sequences, allowing arbitrary file writes and leading to code execution."},{"lang":"es","value":"Las versiones 9.0 a 9.3 y 10.0 a 10.4 de Sitecore Experience Manager (XM), Experience Platform (XP) y Experience Commerce (XC) se ven afectadas por una vulnerabilidad de Zip Slip. Un atacante remoto autenticado puede explotar este problema enviando una solicitud HTTP manipulada para cargar un archivo ZIP que contenga secuencias de path traversal, lo que permite escrituras arbitrarias en archivos y provoca la ejecución de código."}],"metrics":{"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-23"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sitecore:experience_commerce:*:*:*:*:*:*:*:*","versionStartIncluding":"9.0","versionEndIncluding":"10.4","matchCriteriaId":"DCF77DC5-9DF9-4DF7-9636-69CA4BEEDB04"},{"vulnerable":true,"criteria":"cpe:2.3:a:sitecore:experience_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"9.0","versionEndIncluding":"10.4","matchCriteriaId":"17EF29D0-E1DA-4F84-95F4-EA9680EB47DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:sitecore:experience_platform:*:*:*:*:*:*:*:*","versionStartIncluding":"9.0","versionEndExcluding":"10.4","matchCriteriaId":"88455751-A525-4A59-9DD8-4E015CD1346C"},{"vulnerable":true,"criteria":"cpe:2.3:a:sitecore:experience_platform:10.4:-:*:*:*:*:*:*","matchCriteriaId":"78E71AD1-04C7-4D80-9A0A-E386A3FAC860"},{"vulnerable":true,"criteria":"cpe:2.3:a:sitecore:managed_cloud:-:*:*:*:*:*:*:*","matchCriteriaId":"520CF670-01A2-479F-B637-C413A82463E0"}]}]}],"references":[{"url":"https://labs.watchtowr.com/is-b-for-backdoor-pre-auth-rce-chain-in-sitecore-experience-platform/","source":"disclosure@vulncheck.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1003667","source":"disclosure@vulncheck.com","tags":["Vendor Advisory"]}]}}]}