github - ghsa-g93f-92gj-4q4x

ghsa-g93f-92gj-4q4x

Vulnerability from github

Published

2025-06-17 21:32

Modified

2025-07-22 15:32

Severity ?

8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Details

Sitecore Experience Manager (XM) and Experience Platform (XP) versions 10.1 to 10.1.4 rev. 011974 PRE, all versions of 10.2, 10.3 to 10.3.3 rev. 011967 PRE, and 10.4 to 10.4.1 rev. 011941 PRE contain a hardcoded user account. Unauthenticated and remote attackers can use this account to access administrative API over HTTP.

Show details on source website

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-34509"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-798"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-17T19:15:31Z",
    "severity": "HIGH"
  },
  "details": "Sitecore Experience Manager (XM) and Experience Platform (XP) versions 10.1 to 10.1.4 rev. 011974 PRE, all versions of 10.2, 10.3 to 10.3.3 rev. 011967 PRE, and 10.4 to 10.4.1 rev. 011941 PRE contain a hardcoded user account. Unauthenticated and remote attackers can use this account to access administrative API over HTTP.",
  "id": "GHSA-g93f-92gj-4q4x",
  "modified": "2025-07-22T15:32:23Z",
  "published": "2025-06-17T21:32:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-34509"
    },
    {
      "type": "WEB",
      "url": "https://labs.watchtowr.com/is-b-for-backdoor-pre-auth-rce-chain-in-sitecore-experience-platform"
    },
    {
      "type": "WEB",
      "url": "https://support.sitecore.com/kb?id=kb_article_view\u0026sysparm_article=KB1003667"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2025-34509 (GCVE-0-2025-34509)

Vulnerability from cvelistv5

Published

2025-06-17 18:20

Modified

2025-07-22 13:07

Severity ?

8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CWE

CWE-798 - Use of Hard-coded Credentials

Summary

Sitecore Experience Manager (XM) and Experience Platform (XP) versions 10.1 to 10.1.4 rev. 011974 PRE, all versions of 10.2, 10.3 to 10.3.3 rev. 011967 PRE, and 10.4 to 10.4.1 rev. 011941 PRE contain a hardcoded user account. Unauthenticated and remote attackers can use this account to access administrative API over HTTP.

References

►

URL

Tags

	https://labs.watchtowr.com/is-b-for-backdoor-pre-auth-rce-chain-in-sitecore-experience-platform/	third-party-advisory, exploit, technical-description
	https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1003667	vendor-advisory

Impacted products

Vendor

Product

Version

►

Experience Manager

Version: 10.4   < 10.4.1 rev. 011941 PRE
Version: 10.3   < 10.3.3 rev. 011967 PRE
Version: 10.1   < 10.1.4 rev. 011974 PRE

Experience Platform

Version: 10.4   < 10.4.1 rev. 011941 PRE
Version: 10.3   < 10.3.3 rev. 011967 PRE
Version: 10.1   < 10.1.4 rev. 011974 PRE

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-34509",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-17T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-18T03:56:09.729Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Experience Manager",
          "vendor": "Sitecore",
          "versions": [
            {
              "lessThan": "10.4.1 rev. 011941 PRE",
              "status": "affected",
              "version": "10.4",
              "versionType": "custom"
            },
            {
              "lessThan": "10.3.3 rev. 011967 PRE",
              "status": "affected",
              "version": "10.3",
              "versionType": "custom"
            },
            {
              "lessThan": "10.1.4 rev. 011974 PRE",
              "status": "affected",
              "version": "10.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Experience Platform",
          "vendor": "Sitecore",
          "versions": [
            {
              "lessThan": "10.4.1 rev. 011941 PRE",
              "status": "affected",
              "version": "10.4",
              "versionType": "custom"
            },
            {
              "lessThan": "10.3.3 rev. 011967 PRE",
              "status": "affected",
              "version": "10.3",
              "versionType": "custom"
            },
            {
              "lessThan": "10.1.4 rev. 011974 PRE",
              "status": "affected",
              "version": "10.1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Piotr Bazydlo of watchTowr"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Sitecore Experience Manager (XM) and Experience Platform (XP) versions 10.1 to 10.1.4 rev. 011974 PRE, all versions of 10.2, 10.3 to 10.3.3 rev. 011967 PRE, and 10.4 to 10.4.1 rev. 011941 PRE contain a hardcoded user account. Unauthenticated and remote attackers can use this account to access administrative API over HTTP."
            }
          ],
          "value": "Sitecore Experience Manager (XM) and Experience Platform (XP) versions 10.1 to 10.1.4 rev. 011974 PRE, all versions of 10.2, 10.3 to 10.3.3 rev. 011967 PRE, and 10.4 to 10.4.1 rev. 011941 PRE contain a hardcoded user account. Unauthenticated and remote attackers can use this account to access administrative API over HTTP."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-798",
              "description": "CWE-798 Use of Hard-coded Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-22T13:07:15.476Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory",
            "exploit",
            "technical-description"
          ],
          "url": "https://labs.watchtowr.com/is-b-for-backdoor-pre-auth-rce-chain-in-sitecore-experience-platform/"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://support.sitecore.com/kb?id=kb_article_view\u0026sysparm_article=KB1003667"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update to patched versions."
            }
          ],
          "value": "Update to patched versions."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Sitecore XM and XP Hardcoded Credentials",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2025-34509",
    "datePublished": "2025-06-17T18:20:57.441Z",
    "dateReserved": "2025-04-15T19:15:22.612Z",
    "dateUpdated": "2025-07-22T13:07:15.476Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.