Information Disclosure in Kentico Xperience Affects Public User Authentication
CVE-2024-58320

6.9MEDIUM

Key Information:

Vendor: Kentico
Status: Xperience
Vendor: CVE Published:; 18 December 2025

What is CVE-2024-58320?

An information disclosure vulnerability exists in Kentico Xperience, enabling unauthorized public access to sensitive hostname details during user authentication. This flaw allows attackers to exploit a public endpoint to gather confidential hostname configuration information, potentially revealing internal network details and increasing the risk of further attacks on the system.

Affected Version(s)

Xperience 0 <= 13.0.159

References

https://devnet.kentico.com/download/hotfixes

vendor-advisorypatch

https://www.vulncheck.com/advisories/kentico-xperience-au...

third-party-advisory

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 18, 2025
Vulnerability Reserved
Dec 17, 2025

Credit

Bank of Ayudhya

JSON