https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-34509.yaml

标题： Sitecore Experience Platform和Sitecore Experience Manager 安全漏洞 (CVE-2025-34509)
描述：Sitecore Experience Platform（XP）和Sitecore Experience Manager（XM）都是丹麦Sitecore公司的产品。Sitecore Experience Platform是一套客户数字体验平台。Sitecore Experience Manager是一个管理软件。 Sitecore Experience Platform和Sitecore Experience Manager存在安全漏洞，该漏洞源于硬编码用户账户，可能导致未经验证的远程攻击者访问管理API

Sitecore Experience Manager (XM) and Experience Platform (XP) versions 10.1 to 10.1.4 rev. 011974 PRE, all versions of 10.2, 10.3 to 10.3.3 rev. 011967 PRE, and 10.4 to 10.4.1 rev. 011941 PRE contain a hardcoded user account. Unauthenticated and remote attackers can use this account to access administrative API over HTTP.

 id: CVE-2025-34509

info:
  name: Sitecore Experience Manager (XM) and Experience Platform (XP) - Ha

...