CVE-2025-2746
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
24/03/2025
Last modified:
06/11/2025
Description
An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync Server password handling of empty SHA1 usernames in digest authentication. Authentication bypass allows an attacker to control administrative objects.This issue affects Xperience through 13.0.172.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:kentico:xperience:*:*:*:*:*:*:*:* | 13.0.172 (including) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://devnet.kentico.com/download/hotfixes
- https://github.com/watchtowrlabs/kentico-xperience13-AuthBypass-wt-2025-0011
- https://labs.watchtowr.com/bypassing-authentication-like-its-the-90s-pre-auth-rce-chain-s-in-kentico-xperience-cms/
- https://www.vulncheck.com/advisories/kentico-xperience-staging-sync-server-digest-password-authentication-bypass
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-2746