module

Sitecore XP CVE-2025-34510 Post-Authentication Remote Code Execution

Try Surface Command
Back to search
Disclosed
Jun 17, 2025

Description

This module exploits CVE-2025-34510, path traversal leading to remote code execution. The module exploits also CVE-2025-34509 - hardcoded credentials of ServicesAPI account - to gain foothold.
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today