Sitecore Experience Manager
Moderate fix1 remedy
cpe:2.3:a:sitecore:experience_manager:*:*:*:*:*:*:*
Moderate fix1 remedy
- >= 9.2.0, <= 10.4.0
Sitecore Experience Manager, Platform, Commerce, and Managed Cloud Remote Code Execution Vulnerability
Vulnerability
A remote code execution vulnerability has been identified in Sitecore Experience Manager (XM), Experience Platform (XP), Experience Commerce (XC), and Managed Cloud. This vulnerability allows for unauthorized access to information and affects all Experience Platform topologies from version 9.2 Initial Release through 10.4 Initial Release. PaaS and containerized solutions are also impacted.
Impact
Exploitation of this vulnerability could lead to remote code execution and unauthorized access to information.
Remediation
Sitecore users are advised to apply the available security fixes to their instances. For Managed Cloud customers, follow the documented procedures for patch application. Managed Cloud Premium customers can contact their Solutions Engineer for support with patch installation.
Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM
Vulnerability Rating
Custom Algorithm
spread
5.2impact
7.5exploitability
7.6remediation
7.7relevance
0.3threat
0.0urgency
2.9incentive
5.8Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.