Sitecore XM/XP/XC and Managed Cloud 8.0 - 10.4 Arbitrary File Read | Advisories

Advisories

Sitecore XM/XP/XC and Managed Cloud 8.0 - 10.4 Arbitrary File Read

severity: high
date: July 25, 2025
Affecting: XM/XP/XC 8.0 Initial Release - 10.4 Initial Release and later
Content Management (CM) and standalone instances
PaaS and containerized solutions
CVE: CVE-2025-34139
CVE type: Unspecified
CVSS: 8.7
CVSS V4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
References: Vendor Advisory (EN)
Vendor Advisory (JP)
Credit: Sitecore