Authentication Bypass Vulnerability in Kentico Xperience Software
CVE-2025-2747

Currently unrated

Key Information:

Vendor: Kentico

CVE Published: 24 March 2025

What is CVE-2025-2747?

The authentication bypass vulnerability in Kentico Xperience arises from improper handling of passwords within the Staging Sync Server component. The flaw allows unauthorized access to administrative objects, significantly compromising the integrity of the application. In affected versions, which include Xperience up to 13.0.178, attackers may be able to exploit weaknesses in user authentication, leading to unauthorized manipulation of server resources.

Timeline

  • Vulnerability published
