Unrated severityNVD Advisory· Published Jun 17, 2025· Updated Feb 26, 2026
Sitecore PowerShell Extension RCE via Unrestricted Upload
CVE-2025-34511
Description
Sitecore PowerShell Extensions, an add-on to Sitecore Experience Manager (XM) and Experience Platform (XP), through version 7.0 is vulnerable to an unrestricted file upload issue. A remote, authenticated attacker can upload arbitrary files to the server using crafted HTTP requests, resulting in remote code execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<=7.0+ 1 more
- (no CPE)range: <=7.0
- (no CPE)range: 0
Patches
Vulnerability mechanics
References
2- labs.watchtowr.com/is-b-for-backdoor-pre-auth-rce-chain-in-sitecore-experience-platform/mitrethird-party-advisoryexploittechnical-description
- support.sitecore.com/kbmitrevendor-advisory
News mentions
0No linked articles in our index yet.