Sitecore XM/XP/XC and Managed Cloud 9.2 – 10.4 RCE

July 25, 2025 invoker category_cve

CVE Details

Basic Information

Title Sitecore XM/XP/XC and Managed Cloud 9.2 – 10.4 RCE
Type cve
Published 2025-07-25T15:54:47.306Z
Modified 2025-07-25T15:54:47.306Z

Product Information

Vendor Sitecore
Product Experience Manager (XM)
Version 9.2 Initial Release

CVSS Information

Base Score 9.3 (CRITICAL)
Attack Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products

  • Sitecore Experience Manager (XM) 9.2 Initial Release
  • Sitecore Experience Platform (XP) 9.2 Initial Release
  • Sitecore Experience Commerce (XC) 9.2 Initial Release
  • Sitecore Managed Cloud 9.2 Initial Release

Additional Information

Source VulnCheck

Description

A vulnerability exists in Sitecore Experience Manager (XM), Experience Platform (XP), Experience Commerce (XC), and Managed Cloud that could allow remote code execution or unauthorized access to information. This vulnerability affects all Experience Platform topologies (XM, XP, XC) from 9.2 Initial Release through 10.4 Initial Release. PaaS and containerized solutions are similarly affected.

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.