{"id":12540,"date":"2025-07-07T10:00:42","date_gmt":"2025-07-07T06:00:42","guid":{"rendered":"https:\/\/me.kaspersky.com\/blog\/?p=12540"},"modified":"2025-07-07T02:27:21","modified_gmt":"2025-07-06T22:27:21","slug":"vulnerabilities-sitecore-experience-platform","status":"publish","type":"post","link":"https:\/\/me.kaspersky.com\/blog\/vulnerabilities-sitecore-experience-platform\/12540\/","title":{"rendered":"Second-rate security: three vulnerabilities in the Sitecore CMS platform."},"content":{"rendered":"<p>Researchers have <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/sitecore-cms-exploit-chain-starts-with-hardcoded-b-password\/\">discovered<\/a> three vulnerabilities in the popular content management system Sitecore Experience Platform.<\/p>\n<ul>\n<li><a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-34509\">CVE-2025-34509<\/a> involves a hard-coded password (consisting of just a single letter) that lets an attacker log in remotely as a service account.<\/li>\n<li><a target=\"_blank\" rel=\"nofollow noopener\" 
href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-34510\">CVE-2025-34510<\/a> is a Zip Slip vulnerability that lets an authenticated user upload a ZIP archive and have it extracted into the website's root directory.<\/li>\n<li><a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-34511\">CVE-2025-34511<\/a> also lets users upload external files to the site, but this time without any restrictions.<\/li>\n<\/ul>\n<p>By combining the first vulnerability with either of the latter two, an attacker can achieve remote code execution (RCE) on a server running Sitecore Experience Platform.<\/p>\n<p>There is 
currently no evidence of these vulnerabilities being exploited in real-world attacks; however, the detailed <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/labs.watchtowr.com\/is-b-for-backdoor-pre-auth-rce-chain-in-sitecore-experience-platform\/\">analysis<\/a> published by watchTowr contains enough information for attackers to weaponize them at any moment.<\/p>\n<h2>CVE-2025-34509 \u2013 access through a preset account<\/h2>\n<p>Sitecore CMS includes several default accounts, one of which is sitecore\\ServicesAPI. 
Naturally, passwords for all accounts are stored in hashed (and even <a target=\"_blank\" href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/salt\/\" rel=\"noopener\">salted<\/a>) form. However, this makes little difference when the password consists of just the single letter \u201cb\u201d. 
Such a password can be brute-forced in about three seconds.<\/p>\n<p>Notably, Sitecore's developers <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/doc.sitecore.com\/xp\/en\/developers\/latest\/platform-administration-and-architecture\/the-user-accounts.html\">advise against modifying the default accounts<\/a>, warning that \u201cmodifying a default user account can affect other areas of the security model\u201d (whatever that means). Site administrators who follow the official instructions are therefore unlikely to change these passwords. 
As a result, these default accounts are likely present on most websites that use this CMS.<\/p>\n<p>That said, the sitecore\\ServicesAPI user has no rights or roles assigned to it, so simply authenticating through the standard Sitecore login interface is not possible. 
However, the researchers found a way to bypass the database check required for successful authentication (for details, see the original <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/labs.watchtowr.com\/is-b-for-backdoor-pre-auth-rce-chain-in-sitecore-experience-platform\/\">research<\/a>). As a result, the attacker obtains a valid session cookie. 
The attacker still has no administrator rights, but this cookie can be used for further attacks.<\/p>\n<h2>CVE-2025-34510 \u2013 vulnerability in Sitecore's file uploader<\/h2>\n<p>Sitecore has a file upload mechanism that any authenticated user can use. So, with a valid session cookie, an attacker can craft an HTTP request to upload a ZIP archive and have it extracted automatically. 
The essence of CVE-2025-34510 is that, because of flawed input sanitization, an authenticated attacker can perform path traversal. You can read more about this type of vulnerability, known as Zip Slip, in <a target=\"_blank\" href=\"https:\/\/www.kaspersky.com\/blog\/archive-and-disk-image-threats-and-security-policies\/53295\/\" rel=\"noopener nofollow\">our post on handling ZIP files<\/a>. In essence, the attacker can extract the archive to any location, for example the website's root folder. 
In this way, the attacker can upload anything, such as their own <a target=\"_blank\" href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/web-shell\/\" rel=\"noopener\">web shell<\/a>.<\/p>\n<h2>CVE-2025-34511 \u2013 vulnerability in the file uploader of the Sitecore PowerShell Extensions module<\/h2>\n<p>CVE-2025-34511 is an alternative way to compromise Sitecore. 
This vulnerability is in the Sitecore PowerShell Extensions module, which is required for a number of Sitecore extensions to work, for example Sitecore Experience Accelerator, one of the most popular extensions for this CMS.<\/p>\n<p>Essentially, this vulnerability works the same way as CVE-2025-34510, only slightly more simply. The Sitecore PowerShell extension also has its own file upload mechanism, which can be exploited by an authenticated user. 
Through HTTP requests, an attacker can upload any file with any extension to the CMS and save it to any directory on the website. This means there is no need to prepare a custom ZIP archive and path, and the result is essentially the same: a web shell upload.<\/p>\n<h2>How to protect against attacks on Sitecore Experience Platform<\/h2>\n<p>Patches for these three vulnerabilities were released back in May 2025. 
If your company uses Sitecore, especially together with Sitecore PowerShell Extensions, we recommend updating the CMS as soon as possible. According to the NIST descriptions, CVE-2025-34509 affects Sitecore Experience Manager and Experience Platform versions 10.1 through 10.1.4 rev. 011974 PRE; all variants of 10.2; 10.3 through 10.3.3 rev. 011967 PRE; and 10.4 through 10.4.1 rev. 011941 PRE. CVE-2025-34510 is present in Experience Manager, Experience Platform and Experience Commerce versions 9.0 through 9.3 and 10.0 through 10.4. 
Finally, CVE-2025-34511 affects all versions of Sitecore PowerShell Extensions up to version 7.0.<\/p>\n<p>The researchers who discovered these vulnerabilities claim to know of four other, more dangerous vulnerabilities. However, since patches are not yet ready, they said they would disclose these vulnerabilities later. 
Accordingly, we recommend keeping an eye on upcoming updates from the Sitecore developers.<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"kaspersky-next\">\n","protected":false},"excerpt":{"rendered":"<p>Researchers have discovered several vulnerabilities in the Sitecore CMS platform that allow unauthenticated remote code execution (RCE).<\/p>\n","protected":false},"author":2726,"featured_media":12541,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[892,893,631],"tags":[484,991,565,1519,1290,348,2104,2234],"class_list":{"0":"post-12540","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-enterprise","8":"category-smb","9":"category-business","10":"tag-484","11":"tag-991","12":"tag-565","13":"tag-1519","14":"tag-1290","15":"tag-348","16":"tag-2104","17":"tag-2234"},"hreflang":[{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/vulnerabilities-sitecore-experience-platform\/12540\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/vulnerabilities-sitecore-experience-platform\/28979\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/vulnerabilities-sitecore-experience-platform\/24209\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/vulnerabilities-sitecore-experience-platform\/29090\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersk
y.com\/blog\/vulnerabilities-sitecore-experience-platform\/28274\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/vulnerabilities-sitecore-experience-platform\/31096\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/vulnerabilities-sitecore-experience-platform\/39950\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/vulnerabilities-sitecore-experience-platform\/13501\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/vulnerabilities-sitecore-experience-platform\/53683\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/vulnerabilities-sitecore-experience-platform\/22920\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/vulnerabilities-sitecore-experience-platform\/23953\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/vulnerabilities-sitecore-experience-platform\/32365\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/vulnerabilities-sitecore-experience-platform\/29308\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/vulnerabilities-sitecore-experience-platform\/35017\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/vulnerabilities-sitecore-experience-platform\/34656\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me.kaspersky.com\/blog\/tag\/%d8%a7%d9%84%d8%ab%d8%ba%d8%b1%d8%a7%d8%aa-%d8%a7%d9%84%d8%a3%d9%85%d9%86%d9%8a%d8%a9\/","name":"\u0627\u0644\u062b\u063a\u0631\u0627\u062a 
\u0627\u0644\u0623\u0645\u0646\u064a\u0629"},"_links":{"self":[{"href":"https:\/\/me.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/12540","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2726"}],"replies":[{"embeddable":true,"href":"https:\/\/me.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=12540"}],"version-history":[{"count":2,"href":"https:\/\/me.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/12540\/revisions"}],"predecessor-version":[{"id":12547,"href":"https:\/\/me.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/12540\/revisions\/12547"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/12541"}],"wp:attachment":[{"href":"https:\/\/me.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=12540"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=12540"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=12540"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}