
Vulnerability Details CVE-2025-2746

An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync Server password handling of empty SHA1 usernames in digest authentication. Authentication bypass allows an attacker to control administrative objects. This issue affects Xperience through 13.0.172.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.665
EPSS Ranking 98.5%
CVSS Severity
CVSS v3 Score 9.8
Proposed Action
Kentico Xperience CMS contains an authentication bypass using an alternate path or channel vulnerability that could allow an attacker to control administrative objects.
Ransomware Campaign
Unknown
Products affected by CVE-2025-2746

