GCVE - cpe:2.3:a:sitecore:experience_platform:10.4:-:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:sitecore:experience_platform:10.4:-:*:*:*:*:*:*

part: a version: 10.4 update: -

Vendor	Sitecore (`a7d448aa-2b42-539c-981e-05d11ea00680`)
Product	Experience Platform (`026326e1-f45f-5b58-94dc-146885d4fa2f`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-53694`	vulnerable	2026-06-03 15:03:54.587541	Information Disclosure in ItemServices API HIGH (7.5) Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Sitecore Sitecore Experience Manager (XM), Sitecore Experience Platform (XP).This issue affects Sitecore Experience Manager (XM): from 9.2 through 10.4; Experience Platform (XP): from 9.2 through 10.4. Published: 2025-09-03T12:36:37.520Z Updated: 2025-09-03T13:57:58.828Z Open on db.gcve.eu Reference links https://labs.watchtowr.com/cache-me-if-you-can-sitecore-experience-platform-cache-poisoning-to-rce/ https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1003734	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-53693`	vulnerable	2026-06-03 15:03:54.587123	HTML Cache Poisoning through Unsafe Reflections CRITICAL (9.8) Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Sitecore Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Cache Poisoning.This issue affects Sitecore Experience Manager (XM): from 9.0 through 9.3, from 10.0 through 10.4; Experience Platform (XP): from 9.0 through 9.3, from 10.0 through 10.4. Published: 2025-09-03T12:36:53.745Z Updated: 2025-09-03T13:53:40.699Z Open on db.gcve.eu Reference links https://labs.watchtowr.com/cache-me-if-you-can-sitecore-experience-platform-cache-poisoning-to-rce/ https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1003667	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-53691`	vulnerable	2026-06-03 15:03:54.583580	Sitecore Experience Remote Code Execution through Insecure Deserialization HIGH (8.8) Deserialization of Untrusted Data vulnerability in Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Remote Code Execution (RCE).This issue affects Experience Manager (XM): from 9.0 through 9.3, from 10.0 through 10.4; Experience Platform (XP): from 9.0 through 9.3, from 10.0 through 10.4. Published: 2025-09-03T12:36:59.561Z Updated: 2025-09-03T13:49:39.605Z Open on db.gcve.eu Reference links https://labs.watchtowr.com/cache-me-if-you-can-sitecore-experience-platform-cache-poisoning-to-rce/ https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1003667	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-34511`	vulnerable	2026-06-03 15:00:51.805372	Sitecore PowerShell Extension RCE via Unrestricted Upload HIGH (8.8) Sitecore PowerShell Extensions, an add-on to Sitecore Experience Manager (XM) and Experience Platform (XP), through version 7.0 is vulnerable to an unrestricted file upload issue. A remote, authenticated attacker can upload arbitrary files to the server using crafted HTTP requests, resulting in remote code execution. Published: 2025-06-17T19:05:10.466Z Updated: 2026-02-26T17:50:30.660Z Open on db.gcve.eu Reference links https://labs.watchtowr.com/is-b-for-backdoor-pre-auth-rce-chain-in-sitecore-experience-platform/ https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1003667	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-34510`	vulnerable	2026-06-03 15:00:51.800301	Sitecore XM, XC, and XP Post-Auth RCE via Zip Slip HIGH (8.8) Sitecore Experience Manager (XM), Experience Platform (XP), and Experience Commerce (XC) versions 9.0 through 9.3 and 10.0 through 10.4 are affected by a Zip Slip vulnerability. A remote, authenticated attacker can exploit this issue by sending a crafted HTTP request to upload a ZIP archive containing path traversal sequences, allowing arbitrary file writes and leading to code execution. Published: 2025-06-17T18:46:04.239Z Updated: 2026-02-26T17:50:31.002Z Open on db.gcve.eu Reference links https://labs.watchtowr.com/is-b-for-backdoor-pre-auth-rce-chain-in-sitecore-experience-platform/ https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1003667	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-34509`	vulnerable	2026-06-03 15:00:51.798466	Sitecore XM and XP Hardcoded Credentials HIGH (7.5) Sitecore Experience Manager (XM) and Experience Platform (XP) versions 10.1 to 10.1.4 rev. 011974 PRE, all versions of 10.2, 10.3 to 10.3.3 rev. 011967 PRE, and 10.4 to 10.4.1 rev. 011941 PRE contain a hardcoded user account. Unauthenticated and remote attackers can use this account to access administrative API over HTTP. Published: 2025-06-17T18:20:57.441Z Updated: 2026-02-26T17:50:31.319Z Open on db.gcve.eu Reference links https://labs.watchtowr.com/is-b-for-backdoor-pre-auth-rce-chain-in-sitecore-experience-platform/ https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1003667	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.