Remote Code Execution Vulnerability in Kentico Xperience
CVE-2025-2749
Key Information:
Badges
What is CVE-2025-2749?
An authenticated vulnerability in Kentico Xperience allows authenticated users to exploit a flaw in the Staging Sync Server, enabling them to upload arbitrary files to relative paths on the server. This flaw poses a serious risk as it facilitates path traversal and arbitrary file uploads, permitting attackers to execute potentially malicious content on the server side.
CISA has reported CVE-2025-2749
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2025-2749 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace
The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
Xperience 0 <= 13.0.178
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.