vulnerability
Kentico Xperience: CVE-2025-2746: Authentication Bypass Using an Alternate Path or Channel
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 10 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | Mar 24, 2025 | Oct 23, 2025 | Oct 23, 2025 |
Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
Mar 24, 2025
Added
Oct 23, 2025
Modified
Oct 23, 2025
Description
An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync Server password handling of empty SHA1 usernames in digest authentication. Authentication bypass allows an attacker to control administrative objects.This issue affects Xperience through 13.0.172.
Solution
kentico-xperience-upgrade-latest
References
- CVE-2025-2746
- https://attackerkb.com/topics/CVE-2025-2746
- URL-https://devnet.kentico.com/download/hotfixes
- URL-https://github.com/watchtowrlabs/kentico-xperience13-AuthBypass-wt-2025-0011
- URL-https://labs.watchtowr.com/bypassing-authentication-like-its-the-90s-pre-auth-rce-chain-s-in-kentico-xperience-cms/
- CWE-288
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.