9 matches found
CVE-2025-53690
CVE-2025-53690 is a Deserialization of Untrusted Data vulnerability in Sitecore XM/XP (through 9.0) that can enable remote code execution. Connected sources provide concrete details: a PoC exploit targeting a .NET deserialization path (ViewState/ASP.NET machine keys) and reports of remote ...
CVE-2023-35813
Sitecore CVE-2023-35813 affects Experience Manager, Experience Platform, and Experience Commerce up to version 10.3. The root cause is remote code execution via the XAML parser triggered by injecting malicious ASP.NET markup, enabling unauthenticated arbitrary code execution on Sitecore servers a...
CVE-2025-34509
CVE-2025-34509 affects Sitecore Experience Manager (XM) and Experience Platform (XP) versions 10.1 to 10.1.4 rev. 011974 PRE, all 10.2, 10.3 to 10.3.3 rev. 011967 PRE, and 10.4 to 10.4.1 rev. 011941 PRE. The root cause is a hardcoded user account that allows unauthenticated, remote access to the ad...
CVE-2025-34510
Sitecore XP, XM, and XC (versions 9.0–9.3 and 10.0–10.4) are affected by Zip Slip leading to RCE. A remote, authenticated attacker can upload a ZIP with path traversal to write arbitrary files and execute code. Public references describe post-auth exploitation chains (including Metasploit modules...
CVE-2025-34511
CVE-2025-34511 affects Sitecore PowerShell Extensions (SPE) for Sitecore XM/XP. The vulnerability is an unrestricted file upload in SPE versions up to 7.0, allowing a remote, authenticated attacker to upload arbitrary files and achieve remote code execution. Connected exploit-related documents co...
CVE-2023-33651
CVE-2023-33651 affects Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) from 9.0 Initial Release through 13.0 Initial Release. The vulnerability is in the MVC Device Simulator and allows attackers to bypass authorization rules. The connected PT-Security rep...
CVE-2025-53693
CVE-2025-53693 is an HTML cache poisoning vulnerability in Sitecore Experience Manager (XM) and Experience Platform (XP) caused by using externally-controlled input to select classes or code (Unsafe Reflection). Affected products: XM 9.0–9.3 and 10.0–10.4; XP 9.0–9.3 and 10.0–10.4. The underlying...
CVE-2025-53694
CVE-2025-53694 is an information-disclosure vulnerability in Sitecore Experience Manager (XM) and Experience Platform (XP) affecting XM 9.2–10.4 and XP 9.2–10.4. The issue stems from exposure of sensitive information via the ItemService API, accessible under restricted anonymous conditions, enabl...
CVE-2025-53691
CVE-2025-53691 is a Sitecore vulnerability: insecure deserialization in Sitecore Experience Manager (XM) and Experience Platform (XP) can lead to Remote Code Execution (RCE). Affected: XM 9.0–9.3 and 10.0–10.4; XP 9.0–9.3 and 10.0–10.4. Root cause: untrusted data deserialization using insecure pa...