How to fix EUVD-2025-18568?

Within 24 hours: Identify all Sitecore instances with PowerShell Extensions installed and document version numbers; restrict administrative access to the extension and monitor for suspicious file uploads. Within 7 days: Implement WAF rules to block suspicious upload requests to PowerShell Extensions endpoints; consider disabling the extension if business operations permit. Within 30 days: Monitor vendor communications for patch availability; evaluate architectural changes to segment Sitecore infrastructure and implement compensating controls; conduct forensic review for unauthorized file uploads or code execution.

Is Experience Manager affected by EUVD-2025-18568?

Sitecore PowerShell Extensions versions through 7.0 contain a critical file upload vulnerability that allows authenticated attackers to execute arbitrary code on affected servers.

EUVD-2025-18568

| CVE-2025-34511 HIGH

2025-06-17 [email protected]

8.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 14, 2026 - 22:15 vuln.today

EUVD ID Assigned

Mar 14, 2026 - 22:15 euvd

EUVD-2025-18568

PoC Detected

Sep 08, 2025 - 19:10 vuln.today

Public exploit code

CVE Published

Jun 17, 2025 - 19:15 nvd

HIGH 8.8

Description

Sitecore PowerShell Extensions, an add-on to Sitecore Experience Manager (XM) and Experience Platform (XP), through version 7.0 is vulnerable to an unrestricted file upload issue. A remote, authenticated attacker can upload arbitrary files to the server using crafted HTTP requests, resulting in remote code execution.

Analysis

Sitecore PowerShell Extensions through version 7.0 allows authenticated users to upload arbitrary files including ASPX webshells via crafted HTTP requests. The unrestricted file upload bypasses content type restrictions, enabling remote code execution on the Sitecore IIS server with any authenticated account.

Technical Context

Sitecore PowerShell Extensions (SPE) adds PowerShell scripting capabilities to the Sitecore CMS. The file upload functionality fails to properly restrict uploaded file types, allowing .aspx files to be uploaded and placed in web-accessible directories. An attacker with any authenticated Sitecore account can upload a webshell that executes with the IIS application pool identity.

Affected Products

['Sitecore PowerShell Extensions <= 7.0', 'Sitecore XM/XP with SPE installed']

Remediation

Update Sitecore PowerShell Extensions beyond version 7.0. Restrict SPE access to trusted administrators only. Configure IIS to prevent script execution in upload directories. Monitor Sitecore file system for unexpected .aspx file creation.

Priority Score

143

Low Medium High Critical

KEV: 0

EPSS: +78.7

CVSS: +44

POC: +20

EUVD-2025-18568 vulnerability details – vuln.today

Back

EUVD-2025-18568

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

EUVD-2025-18568

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code