-/10CrowdSec Score

Sitecore - Path Traversal (CVE-2025-34510)

Published on17-06-2025

First seen on01-08-2025

CVSS 8.8/10Sitecore - Experience ManagerSitecore - Experience PlatformSitecore - Experience Commerce

3Exploiting IPs reported

Sitecore Experience Manager (XM), Experience Platform (XP), and Experience Commerce (XC) versions 9.0 through 9.3 and 10.0 through 10.4 are affected by a Zip Slip vulnerability. A remote, authenticated attacker can exploit this issue by sending a crafted HTTP request to upload a ZIP archive containing path traversal sequences, allowing arbitrary file writes and leading to code execution.

Exploitation

Get real-time information about exploitation attempts and actors involved.

Detected IPs

Discover the IPs that targeted this vulnerability across the CrowdSec Network.

・

Protection

Find out relevant information to protect your stack against this CVE.

Blocklist

With our advanced worldwide network detection, CrowdSec can provide a list of IPs known for exploiting the vulnerability.

To increase your protection against this CVE, block exploitation attempts with this list of identified actors.

Sitecore - Path Traversal (CVE-2025-34510)

Exploitation

Detected IPs

Protection

Blocklist

References