CVE-2015-10142

UNKNOWN 0.0

Sitecore XP < 8.0 and CMS < 7.2 and < 7.5 File Read via Known Path

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Sitecore Experience Platform (XP) prior to 8.0 Initial Release (rev. 141212) and Content Management System (CMS) prior to 7.2 Update-3 (rev. 141226) and prior to 7.5 Update-1 (rev. 150130) contain a vulnerability that may allow an attacker to download files under the web root of the site when the name of the file is already known via a specially-crafted URL. Affected files do not include .config, .aspx or .cs files. The issue does not allow for directory browsing.

CWE	CWE-610
Vendor	sitecore
Product	experience platform (xp)
Published	Jul 25, 2025
Last Updated	Mar 23, 2026

Stay Ahead of the Next One

Get instant alerts for sitecore experience platform (xp)

Be the first to know when new unknown vulnerabilities affecting sitecore experience platform (xp) are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Sitecore / Experience Platform (XP)

* < 8.0 Initial Release (rev. 141212)

Sitecore / Content Management System (CMS)

* < 7.2 Update-3 (rev. 141226) * < 7.5 Update-1 (rev. 150130)

References

NVD ↗ CVE.org ↗ EPSS Data ↗

support.sitecore.com: https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB0816762 support.sitecore.com: https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1002377 vulncheck.com: https://www.vulncheck.com/advisories/sitecore-xp-cms-file-read-via-known-path

Credits

Sitecore