EUVD-2025-18525

CVE-2025-34510 | HIGH
2025-06-17 | [email protected]
CVSS 3.1 base score: 8.8

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Mar 14, 2026 - 22:15 (vuln.today)
EUVD ID Assigned: Mar 14, 2026 - 22:15 (euvd), EUVD-2025-18525
PoC Detected: Sep 08, 2025 - 19:22 (vuln.today), public exploit code
CVE Published: Jun 17, 2025 - 19:15 (nvd), HIGH 8.8

Description

Sitecore Experience Manager (XM), Experience Platform (XP), and Experience Commerce (XC) versions 9.0 through 9.3 and 10.0 through 10.4 are affected by a Zip Slip vulnerability. A remote, authenticated attacker can exploit this issue by sending a crafted HTTP request to upload a ZIP archive containing path traversal sequences, allowing arbitrary file writes and leading to code execution.

Analysis

Sitecore Experience Manager, Platform, and Commerce versions 9.0 through 10.4 contain a Zip Slip vulnerability that allows authenticated attackers to write arbitrary files outside the intended upload directory. By crafting ZIP archives with path traversal entries, attackers can overwrite application files and achieve remote code execution.

Technical Context

The file upload functionality accepts ZIP archives and extracts their contents without properly validating entry paths. By including entries with ../../ prefixes in the ZIP archive, an attacker can write files to arbitrary locations on the filesystem. Writing an ASPX webshell to the Sitecore web root achieves code execution. The vulnerability requires authentication but not administrative privileges.
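To make the missing check concrete, here is an added Python illustration (example code written for this page, not Sitecore's own code) of an extraction routine that resolves every entry name against the upload root and refuses the whole archive if any entry would land outside it. The archive contents and entry names are constructed test data.

```python
import io
import zipfile
from pathlib import Path

class ZipSlipError(ValueError):
    """Raised when a ZIP entry would land outside the extraction root."""

def safe_entry_path(dest: Path, name: str) -> Path:
    """Return the on-disk path for entry `name`, or raise if it escapes `dest`."""
    # Absolute paths and drive-letter prefixes never belong in an upload archive.
    if name.startswith(("/", "\\")) or (len(name) > 1 and name[1] == ":"):
        raise ZipSlipError(f"absolute entry path rejected: {name!r}")
    root = dest.resolve()
    # resolve() collapses '..' components; the result must remain under root.
    target = (root / name).resolve()
    if not target.is_relative_to(root):
        raise ZipSlipError(f"path traversal rejected: {name!r}")
    return target

def extract_safely(zip_bytes: bytes, dest: Path) -> list[str]:
    """Extract every entry under `dest`, or refuse the archive if any entry is unsafe."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        # Validate all names before the first write so a bad entry cannot
        # leave a half-extracted archive behind.
        plan = [(info, safe_entry_path(dest, info.filename)) for info in zf.infolist()]
        written = []
        for info, target in plan:
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(zf.read(info))
            written.append(target.relative_to(dest.resolve()).as_posix())
    return written

def build_zip(entries: dict[str, bytes]) -> bytes:
    """Build an in-memory ZIP from {entry_name: content} (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()

# Constructed samples: a benign media file, and the same file plus a Zip Slip
# entry whose name climbs out of the upload folder. Names are illustrative only.
BENIGN_ZIP = build_zip({"media/logo.png": b"not-really-a-png"})
SLIP_ZIP = build_zip({"media/logo.png": b"not-really-a-png",
                      "../../Website/injected.aspx": b"<%-- inert placeholder --%>"})
```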

Affected Products

Sitecore XM/XP/XC 9.0 through 9.3
Sitecore XM/XP/XC 10.0 through 10.4

Remediation

Apply the latest Sitecore security patch. Implement server-level controls to prevent file writes outside designated directories. Restrict upload permissions to trusted users. Monitor the web root for unexpected ASPX file creation.

Priority Score

151
KEV: 0
EPSS: +87.3
CVSS: +44
POC: +20


EUVD-2025-18525 vulnerability details – vuln.today
