CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-2747

An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync Server component password handling for the server defined None type. Authentication bypass allows an attacker to control administrative objects.This issue affects Xperience through 13.0.178.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.805

EPSS Ranking 99.1%

CVSS Severity

CVSS v3 Score 9.8

Proposed Action

Kentico Xperience CMS contains an authentication bypass using an alternate path or channel vulnerability that could allow an attacker to control administrative objects.

Ransomware Campaign

Unknown

References

Products affected by CVE-2025-2747

Kentico » Xperience » Version: 13.0.165

cpe:2.3:a:kentico:xperience:13.0.165
Kentico » Xperience » Version: 13.0.166

cpe:2.3:a:kentico:xperience:13.0.166
Kentico » Xperience » Version: 13.0.167

cpe:2.3:a:kentico:xperience:13.0.167
Kentico » Xperience » Version: 13.0.168

cpe:2.3:a:kentico:xperience:13.0.168
Kentico » Xperience » Version: 13.0.169

cpe:2.3:a:kentico:xperience:13.0.169
Kentico » Xperience » Version: 13.0.170

cpe:2.3:a:kentico:xperience:13.0.170
Kentico » Xperience » Version: 13.0.171

cpe:2.3:a:kentico:xperience:13.0.171
Kentico » Xperience » Version: 13.0.172

cpe:2.3:a:kentico:xperience:13.0.172
Kentico » Xperience » Version: 13.0.173

cpe:2.3:a:kentico:xperience:13.0.173
Kentico » Xperience » Version: 13.0.174

cpe:2.3:a:kentico:xperience:13.0.174
Kentico » Xperience » Version: 13.0.175

cpe:2.3:a:kentico:xperience:13.0.175
Kentico » Xperience » Version: 13.0.176

cpe:2.3:a:kentico:xperience:13.0.176
Kentico » Xperience » Version: 13.0.177

cpe:2.3:a:kentico:xperience:13.0.177
Kentico » Xperience » Version: 13.0.178

cpe:2.3:a:kentico:xperience:13.0.178

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-2747

Products

Pricing

Contact Us