Sitecore Experience Manager and Experience Platform Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability has been identified in Sitecore Experience Manager (XM) and Experience Platform (XP) version 10.4 in builds earlier than cumulative hotfix KB1002844. It arises from insecure deserialization and allows unauthorized code execution on the server.

Impact

Exploitation of this vulnerability allows for remote code execution on the affected server.

Remediation

To address this vulnerability, Sitecore users should apply the cumulative hotfix available in KB1002844 for version 10.4. Managed Cloud customers running affected Experience Platform versions should apply the same hotfix. After applying the hotfix, verify that the version of the Sitecore.Kernel assembly is 19.4.93.21984 or higher.
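The post-hotfix verification step above, as an added example that is not part of the advisory and not Sitecore's own tooling: it discovers local IIS site roots (assumes the script runs on the Windows host serving Sitecore with the WebAdministration module available) and compares the Sitecore.Kernel assembly version against the 19.4.93.21984 threshold as a proper version rather than as text.

```powershell
# Added example: confirm each local IIS site carries a Sitecore.Kernel at or
# above the KB1002844 build named in the advisory. Site paths are discovered
# from IIS, not hard-coded; 'bin\Sitecore.Kernel.dll' is the standard location.

$MinimumKernelVersion = [version]'19.4.93.21984'   # threshold from the advisory

function Test-SitecoreKernelPatched {
    param([Parameter(Mandatory)][string]$WebRoot)

    $dll = Join-Path $WebRoot 'bin\Sitecore.Kernel.dll'
    if (-not (Test-Path $dll)) {
        # Not a Sitecore site root (or bin lives elsewhere): report, do not judge.
        return [pscustomobject]@{
            WebRoot = $WebRoot; KernelVersion = $null; FileVersion = $null
            Patched = $null; Note = 'Sitecore.Kernel.dll not found'
        }
    }

    # Assembly version compared as System.Version so 19.4.93.x sorts above 19.4.9.x.
    $asmVersion = [System.Reflection.AssemblyName]::GetAssemblyName($dll).Version
    # File version is reported alongside; on .NET assemblies the two can differ.
    $fileVersion = (Get-Item $dll).VersionInfo.FileVersion

    [pscustomobject]@{
        WebRoot       = $WebRoot
        KernelVersion = $asmVersion
        FileVersion   = $fileVersion
        Patched       = ($asmVersion -ge $MinimumKernelVersion)
        Note          = ''
    }
}

# Enumerate IIS sites; physicalPath may contain %SystemDrive%-style variables.
Import-Module WebAdministration -ErrorAction Stop
$results = Get-Website | ForEach-Object {
    $root = [Environment]::ExpandEnvironmentVariables($_.physicalPath)
    Test-SitecoreKernelPatched -WebRoot $root
}

$results | Format-Table -AutoSize
if ($results | Where-Object { $_.Patched -eq $false }) {
    Write-Warning 'At least one Sitecore site runs a Sitecore.Kernel older than the KB1002844 build.'
}
```

Run it on each content delivery and content management host; a site whose row shows Patched = False still needs the hotfix, and a row with no DLL found needs a manual look at where that site keeps its bin folder.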

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 5.2
impact: 10.0
exploitability: 7.6
remediation: 7.7
relevance: 0.0
threat: 1.5
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to produce these eight vulnerability categories, which are then combined into the overall risk score.