CRITICAL🚩 CISA KEV⚡ EXPLOIT✓ PATCH🇵🇱 Wersja polska

CVE-2025-2746

CVSS 9.8v3.1pub. 2025-03-24upd. 2025-11-06

An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync Server password handling of empty SHA1 usernames in digest authentication. Authentication bypass allows an attacker to control administrative objects.This issue affects Xperience through 13.0.172.

🤖 AI Analysis
How it works

The vulnerability (CWE-288) consists of improper handling of empty SHA1 usernames during the digest authentication process in the Staging Sync Server component. An attacker without any permissions can send a crafted request with an empty username, which will be incorrectly accepted by the password verification mechanism. As a result, the server bypasses proper identity verification and grants access to protected administrative resources.

Impact

Successful exploitation of the vulnerability allows an unauthenticated attacker to remotely take control of Kentico Xperience administrative objects, which may lead to complete compromise of confidentiality, integrity, and availability of the CMS system.

Mitigation & patch

The hotfix available from the vendor at https://devnet.kentico.com/download/hotfixes should be applied immediately, updating the system above version 13.0.172. Due to confirmed active exploitation and inclusion in the CISA KEV catalog, patch deployment should be treated as a priority.

Who is affected

Kentico Xperience in versions up to and including 13.0.172.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Kentico Xperience

    APP
    Kentico
    ≤ 13.0.172

CISA KEV — detailsi

Vendori
Kentico
Producti
Xperience CMS
Added to KEVi
October 20, 2025
Remediation deadline (US Federal)i
November 10, 2025(overdue)
Required action (CISA)i

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CISA descriptioni

Kentico Xperience CMS contains an authentication bypass using an alternate path or channel vulnerability that could allow an attacker to control administrative objects.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 10 listopada 2025
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2025-2747CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Kentico Xperience — Authentication Bypass w komponencie Staging Sync Server

CVE-2019-10068CRITICAL9.8⚠ KEVten sam produkt

An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x before 11.0.48, 10.0.x before 10.0.52, and 9....

CVE-2019-12102CRITICAL9.1ten sam produkt

Kentico 11 through 12 lets attackers upload and explore files without authentication via the cmsmodules/medial...

CVE-2017-17736CRITICAL9.8ten sam produkt

Kentico 9.0 before 9.0.51 and 10.0 before 10.0.48 allows remote attackers to obtain Global Administrator acces...

CVE-2025-2749HIGH7.2⚠ KEVten sam produkt

An authenticated remote code execution in Kentico Xperience allows authenticated users Staging Sync Server to ...