Sitecore XM/XP/XC and Managed Cloud 8.0 – 10.4 Arbitrary File Read

July 25, 2025 invoker category_cve

CVE Details

Basic Information

Title Sitecore XM/XP/XC and Managed Cloud 8.0 – 10.4 Arbitrary File Read
Type cve
Published 2025-07-25T15:54:25.297Z
Modified 2025-07-25T15:54:25.297Z

Product Information

Vendor Sitecore
Product Experience Manager (XM)
Version 8.0 Initial Release

CVSS Information

Base Score 8.7 (HIGH)
Attack Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Products

  • Sitecore Experience Manager (XM) 8.0 Initial Release
  • Sitecore Experience Platform (XP) 8.0 Initial Release
  • Sitecore Experience Commerce (XC) 8.0 Initial Release
  • Sitecore Managed Cloud 8.0 Initial Release

Additional Information

Source VulnCheck

Description

A vulnerability exists in Sitecore Experience Manager (XM), Experience Platform (XP), Experience Commerce (XC), and Managed Cloud that could allow an unauthenticated attacker to read arbitrary files. This vulnerability affects all Experience Platform topologies (XM, XP, XC) from 8.0 Initial Release through 10.4 Initial Release and later. This issue affects Content Management (CM) and standalone instances. PaaS and containerized solutions are also affected.

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.