Sitecore - Path Traversal (CVE-2025-34510)
393Exploiting IPs reported
Sitecore Experience Manager (XM), Experience Platform (XP), and Experience Commerce (XC) versions 9.0 through 9.3 and 10.0 through 10.4 are affected by a Zip Slip vulnerability. A remote, authenticated attacker can exploit this issue by sending a crafted HTTP request to upload a ZIP archive containing path traversal sequences, allowing arbitrary file writes and leading to code execution.
CrowdSec analysis
CVE-2025-34510 is a path traversal vulnerability in Sitecore Experience Manager versions 9.0 through 9.3 and 10.0 through 10.4. THe vulnerability allows remote attackers to upload arbitrary zip-encoded payloads to a given endpoint, leading to potential system compromise.
CrowdSec has been tracking this vulnerability and its exploits since 20th of June 2025.
According to CrowdSec data, while opportunistic exploitation dominates, a portion of threat actors trying to exploit CVE-2025-34510 apply basic targeting methods such as port or service detection. This indicates emerging patterns of selective targeting. Data from the CrowdSec community also indicates a gradual decrease in attacks targeting CVE-2025-34510. While still present in the wild, exploitation levels have dropped noticeably week-over-week. This may signal that the vulnerability is becoming less relevant or that defenses are improving fast enough for attackers to lose interest.
Observed attack attempts focus on URLs containing /sitecore/shell/applications/dialogs/upload/upload2.aspx to upload a malicious Zip file to the target.
Exploitation
Get real-time information about exploitation attempts and actors involved.
Protection
Find out relevant information to protect your stack against this CVE.
Blocklist
With our advanced worldwide network detection, CrowdSec can provide a list of IPs known for exploiting the vulnerability.
To increase your protection against this CVE, block exploitation attempts with this list of identified actors.