Sitecore Experience Platform Arbitrary File Read Vulnerability

Vulnerability

A vulnerability allowing unauthenticated arbitrary file reads exists in Sitecore Experience Manager (XM), Experience Platform (XP), Experience Commerce (XC), and Managed Cloud. This issue affects all Experience Platform topologies from version 8.0 Initial Release through 10.4 Initial Release, and later releases. The vulnerability impacts Content Management (CM) and standalone instances, as well as PaaS and containerized deployments.

Impact

Exploitation of this vulnerability could lead to unauthorized access to arbitrary files on the server, potentially exposing sensitive information.

Remediation

To mitigate this vulnerability, Sitecore users should apply the patch available in the Sitecore.Support.PDXP-9109.zip archive. Instructions for applying the patch are included in the Sitecore Security Bulletin SC2025-002-9109.

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

  Category        Score
  spread          5.2
  impact          2.5
  exploitability  7.6
  remediation     7.7
  relevance       0.3
  threat          0.0
  urgency         2.9
  incentive       5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.