Vulnerability Details CVE-2025-34511
Sitecore PowerShell Extensions, an add-on to Sitecore Experience Manager (XM) and Experience Platform (XP), through version 7.0 is vulnerable to an unrestricted file upload issue. A remote, authenticated attacker can upload arbitrary files to the server using crafted HTTP requests, resulting in remote code execution.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.779
EPSS Ranking 99.0%
CVSS Severity
CVSS v3 Score 8.8
References
Products affected by CVE-2025-34511
-
cpe:2.3:a:sitecore:experience_commerce:10.0
-
cpe:2.3:a:sitecore:experience_commerce:10.1
-
cpe:2.3:a:sitecore:experience_commerce:10.2
-
cpe:2.3:a:sitecore:experience_commerce:10.3
-
cpe:2.3:a:sitecore:experience_commerce:10.4
-
cpe:2.3:a:sitecore:experience_commerce:9.0
-
cpe:2.3:a:sitecore:experience_commerce:9.1
-
cpe:2.3:a:sitecore:experience_manager:10.1
-
cpe:2.3:a:sitecore:experience_manager:10.2
-
cpe:2.3:a:sitecore:experience_manager:10.3
-
cpe:2.3:a:sitecore:experience_manager:10.4
-
cpe:2.3:a:sitecore:experience_manager:9.0
-
cpe:2.3:a:sitecore:experience_manager:9.1
-
cpe:2.3:a:sitecore:experience_manager:9.2
-
cpe:2.3:a:sitecore:experience_manager:9.3
-
cpe:2.3:a:sitecore:experience_platform:10.0
-
cpe:2.3:a:sitecore:experience_platform:10.1
-
cpe:2.3:a:sitecore:experience_platform:10.2
-
cpe:2.3:a:sitecore:experience_platform:10.3
-
cpe:2.3:a:sitecore:experience_platform:10.4
-
cpe:2.3:a:sitecore:experience_platform:9.0
-
cpe:2.3:a:sitecore:experience_platform:9.1
-
cpe:2.3:a:sitecore:experience_platform:9.1.1
-
cpe:2.3:a:sitecore:experience_platform:9.2
-
cpe:2.3:a:sitecore:experience_platform:9.3
-
cpe:2.3:a:sitecore:managed_cloud:-