Vulnerability Database

308,379

Total vulnerabilities in the database

CVE-2025-34509

Sitecore Experience Manager (XM) and Experience Platform (XP) versions 10.1 to 10.1.4 rev. 011974 PRE, all versions of 10.2, 10.3 to 10.3.3 rev. 011967 PRE, and 10.4 to 10.4.1 rev. 011941 PRE contain a hardcoded user account. Unauthenticated and remote attackers can use this account to access administrative API over HTTP.

Published: Jun 17, 2025
Updated: Nov 16, 2025
CVE: CVE-2025-34509
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.2
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CWEs:

CWE-798

Affected Software
References

Software	From	Fixed in
sitecore / experience_commerce	9.0	10.4.x
sitecore / experience_manager	9.0	10.4.x
sitecore / experience_platform	9.0	10.4
sitecore / experience_platform	10.4	10.4.x

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo