module

Sitecore XP CVE-2025-34511 Post-Authentication File Upload

Try Surface Command
Back to search
Disclosed
Jun 17, 2025

Description

This module exploits CVE-2025-34511, a file upload vulnerability in PowerShell extensions. The module exploits also CVE-2025-34509 - hardcoded credentials of ServicesAPI account - to gain foothold.
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today