CRITICAL🚩 CISA KEV⚡ EXPLOIT✓ PATCH🇵🇱 Wersja polska

CVE-2025-2747

CVSS 9.8v3.1pub. 2025-03-24upd. 2025-11-06

An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync Server component password handling for the server defined None type. Authentication bypass allows an attacker to control administrative objects.This issue affects Xperience through 13.0.178.

🤖 AI Analysis
How it works

The Staging Sync Server component in Kentico Xperience improperly handles password verification for servers configured with the 'None' authentication type. An attacker can exploit this vulnerability (CWE-288 — Authentication Bypass Using an Alternate Path or Channel) without any privileges, remotely and without user interaction. As a result, the authentication mechanism is completely bypassed, giving the attacker access to the administrative interface. According to available references, the vulnerability may be part of a chain leading to remote code execution (RCE).

Impact

An attacker gains unauthorized control over CMS administrative objects, which can lead to complete system takeover, content modification, data theft, and potential code execution on the server (RCE).

Mitigation & patch

The hotfix available from the manufacturer at https://devnet.kentico.com/download/hotfixes must be applied immediately. It is recommended to update to a version higher than 13.0.178. Until the patch is deployed, consider restricting network access to the Staging Sync Server component at the firewall level.

Who is affected

Kentico Xperience in versions up to and including 13.0.178.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Kentico Xperience

    APP
    Kentico
    ≤ 13.0.178

CISA KEV — detailsi

Vendori
Kentico
Producti
Xperience CMS
Added to KEVi
October 20, 2025
Remediation deadline (US Federal)i
November 10, 2025(overdue)
Required action (CISA)i

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CISA descriptioni

Kentico Xperience CMS contains an authentication bypass using an alternate path or channel vulnerability that could allow an attacker to control administrative objects.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 10 listopada 2025
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2025-2746CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Kentico Xperience – pominięcie uwierzytelnienia w Staging Sync Server

CVE-2019-10068CRITICAL9.8⚠ KEVten sam produkt

An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x before 11.0.48, 10.0.x before 10.0.52, and 9....

CVE-2019-12102CRITICAL9.1ten sam produkt

Kentico 11 through 12 lets attackers upload and explore files without authentication via the cmsmodules/medial...

CVE-2017-17736CRITICAL9.8ten sam produkt

Kentico 9.0 before 9.0.51 and 10.0 before 10.0.48 allows remote attackers to obtain Global Administrator acces...

CVE-2025-2749HIGH7.2⚠ KEVten sam produkt

An authenticated remote code execution in Kentico Xperience allows authenticated users Staging Sync Server to ...