Description

An authentication bypass vulnerability in Kentico Xperience arises from the Staging Sync Server's password handling of empty SHA1 usernames in digest authentication. The bypass allows an attacker to control administrative objects. This issue affects Xperience through 13.0.172.

PUBLISHED | Reserved 2025-03-24 | Published 2025-03-24 | Updated 2025-10-21 | Assigner VulnCheck

CRITICAL: 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA Known Exploited Vulnerability

Date added 2025-10-20 | Due date 2025-11-10

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Problem types

CWE-288 Authentication Bypass Using an Alternate Path or Channel

Product status

Default status: unaffected

Any version: affected

Credits

Piotr Bazydlo (watchTowr), finder

References

labs.watchtowr.com/...-rce-chain-s-in-kentico-xperience-cms/ technical-description exploit

devnet.kentico.com/download/hotfixes vendor-advisory

github.com/...bs/kentico-xperience13-AuthBypass-wt-2025-0011 exploit

cve.org (CVE-2025-2746)

nvd.nist.gov (CVE-2025-2746)