CVE-2025-34510— Sitecore多款产品 安全漏洞

Sitecore XM, XC, and XP Post-Auth RCE via Zip Slip

Sitecore Experience Manager (XM), Experience Platform (XP), and Experience Commerce (XC) versions 9.0 through 9.3 and 10.0 through 10.4 are affected by a Zip Slip vulnerability. A remote, authenticated attacker can exploit this issue by sending a crafted HTTP request to upload a ZIP archive containing path traversal sequences, allowing arbitrary file writes and leading to code execution.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

相对路径遍历

Sitecore多款产品 安全漏洞

Sitecore Experience Platform（XP）等都是丹麦Sitecore公司的产品。Sitecore Experience Platform是一套客户数字体验平台。Sitecore Experience Manager（XM）是一个管理软件。Sitecore Experience Commerce（XC）是一个原生集成、支持云的软件平台，使品牌能够在购物前、购物中、购物中、购物前、购物过程中提供完全个性化的端到端购物体验。 Sitecore多款产品存在安全漏洞，该漏洞源于Zip Slip

N/A

N/A