cvelistv5 - cve-2025-34138

CVE-2025-34138 (GCVE-0-2025-34138)

Vulnerability from cvelistv5 – Published: 2025-07-25 15:54 – Updated: 2025-12-04 16:22

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority, as it is a duplicate of CVE-2025-53692 and CVE-2025-53694.

Replaced by CVE-2025-53692

Replaced by CVE-2025-53694

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "providerMetadata": {
        "dateUpdated": "2025-12-04T16:22:54.196Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "rejectedReasons": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority, as it is a duplicate of\u0026nbsp;CVE-2025-53692 and\u0026nbsp;CVE-2025-53694."
            }
          ],
          "value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority, as it is a duplicate of\u00a0CVE-2025-53692 and\u00a0CVE-2025-53694."
        }
      ],
      "replacedBy": [
        "CVE-2025-53692",
        "CVE-2025-53694"
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2025-34138",
    "datePublished": "2025-07-25T15:54:47.306Z",
    "dateRejected": "2025-12-04T16:22:54.196Z",
    "dateReserved": "2025-04-15T19:15:22.562Z",
    "dateUpdated": "2025-12-04T16:22:54.196Z",
    "state": "REJECTED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-34138\",\"sourceIdentifier\":\"disclosure@vulncheck.com\",\"published\":\"2025-07-25T16:15:28.790\",\"lastModified\":\"2025-12-04T17:15:54.473\",\"vulnStatus\":\"Rejected\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority, as it is a duplicate of\u00a0CVE-2025-53692 and\u00a0CVE-2025-53694.\"}],\"metrics\":{},\"references\":[]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"providerMetadata\": {\"orgId\": \"83251b91-4cc7-4094-a5c7-464a1b83ea10\", \"shortName\": \"VulnCheck\", \"dateUpdated\": \"2025-12-04T16:22:54.196Z\"}, \"rejectedReasons\": [{\"lang\": \"en\", \"supportingMedia\": [{\"base64\": false, \"type\": \"text/html\", \"value\": \"This CVE ID has been rejected or withdrawn by its CVE Numbering Authority, as it is a duplicate of\u0026nbsp;CVE-2025-53692 and\u0026nbsp;CVE-2025-53694.\"}], \"value\": \"This CVE ID has been rejected or withdrawn by its CVE Numbering Authority, as it is a duplicate of\\u00a0CVE-2025-53692 and\\u00a0CVE-2025-53694.\"}], \"replacedBy\": [\"CVE-2025-53692\", \"CVE-2025-53694\"], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-34138\", \"assignerOrgId\": \"83251b91-4cc7-4094-a5c7-464a1b83ea10\", \"state\": \"REJECTED\", \"assignerShortName\": \"VulnCheck\", \"dateReserved\": \"2025-04-15T19:15:22.562Z\", \"datePublished\": \"2025-07-25T15:54:47.306Z\", \"dateUpdated\": \"2025-12-04T16:22:54.196Z\", \"dateRejected\": \"2025-12-04T16:22:54.196Z\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

FKIE_CVE-2025-34138

Vulnerability from fkie_nvd - Published: 2025-07-25 16:15 - Updated: 2025-12-04 17:15

Severity ?

Summary

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority, as it is a duplicate of CVE-2025-53692 and CVE-2025-53694.

References

	URL	Tags

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority, as it is a duplicate of\u00a0CVE-2025-53692 and\u00a0CVE-2025-53694."
    }
  ],
  "id": "CVE-2025-34138",
  "lastModified": "2025-12-04T17:15:54.473",
  "metrics": {},
  "published": "2025-07-25T16:15:28.790",
  "references": [],
  "sourceIdentifier": "disclosure@vulncheck.com",
  "vulnStatus": "Rejected"
}

GHSA-Q5G5-QQ27-6887

Vulnerability from github – Published: 2025-07-25 18:30 – Updated: 2025-12-04 18:30

Details

A vulnerability exists in Sitecore Experience Manager (XM), Experience Platform (XP), Experience Commerce (XC), and Managed Cloud that could allow remote code execution or unauthorized access to information. This vulnerability affects all Experience Platform topologies (XM, XP, XC) from 9.2 Initial Release through 10.4 Initial Release. PaaS and containerized solutions are similarly affected.

Severity ?

9.3 (Critical)


                  
                    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-34138"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-94"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-25T16:15:28Z",
    "severity": "CRITICAL"
  },
  "details": "A vulnerability exists in Sitecore\u00a0Experience Manager (XM),\u00a0Experience Platform (XP),\u00a0Experience Commerce (XC), and\u00a0Managed Cloud that could allow remote code execution or\u00a0unauthorized access to information.\u00a0This vulnerability affects all Experience Platform topologies (XM, XP, XC) from 9.2 Initial Release through 10.4 Initial Release. PaaS and containerized solutions are similarly affected.",
  "id": "GHSA-q5g5-qq27-6887",
  "modified": "2025-12-04T18:30:35Z",
  "published": "2025-07-25T18:30:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-34138"
    },
    {
      "type": "WEB",
      "url": "https://support.sitecore.com/kb?id=kb_article_view\u0026sysparm_article=KB1003734"
    },
    {
      "type": "WEB",
      "url": "https://support.sitecore.com/kb?id=kb_article_view\u0026sysparm_article=KB1003743"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/sitecore-xm-xp-xc-managed-cloud-rce"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-34138 (GCVE-0-2025-34138)

FKIE_CVE-2025-34138

GHSA-Q5G5-QQ27-6887

Tags

Sightings

Nomenclature