- Description
- An authentication bypass vulnerability in Kentico Xperience lets an unauthenticated attacker bypass authentication via the Staging Sync Server's password handling of empty SHA1 usernames in digest authentication, and thereby control administrative objects. This issue affects Xperience through 13.0.172.
- Source
- disclosure@vulncheck.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- Weakness source
- disclosure@vulncheck.com
- CWE
- CWE-287 (Improper Authentication)
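The description above characterises the weakness only at the level of CWE-287: a digest-style check that does not hold up when the SHA1 username hash is empty. As an added illustration of that class of defect, not Kentico's code and not a claim about how the Staging Sync Server actually implements its check, the following Python toy verifies a digest-style request with a misplaced guard so that an empty username hash skips credential verification, and shows the fail-closed version beside it. The user store, message layout, nonce handling and the specific defect are all constructed for this example.

```python
"""Toy digest-style authentication check illustrating CWE-287.

Constructed example for this page, not Kentico Xperience code: the user store,
the message layout, the nonce handling and the defect itself are assumptions.
"""
import hashlib
import hmac
from typing import Dict, Optional, Tuple


def sha1_hex(data: str) -> str:
    return hashlib.sha1(data.encode("utf-8")).hexdigest()


# Constructed user store keyed by SHA1(username). A real system would store a
# password hash; a plain string is used here only to keep the example short.
USERS: Dict[str, str] = {sha1_hex("admin"): "s3cr3t-staging-password"}


def client_response(username: str, password: str, nonce: str) -> Tuple[str, str]:
    """What a legitimate client sends: (SHA1(username), digest over the
    username hash, the server nonce and the password)."""
    user_sha1 = sha1_hex(username)
    return user_sha1, sha1_hex(f"{user_sha1}:{nonce}:{password}")


def verify_vulnerable(user_sha1: str, nonce: str, response: str) -> bool:
    """Defective check (constructed): credentials are verified only when a
    username hash is present, so an empty one skips the check entirely."""
    if user_sha1:
        password: Optional[str] = USERS.get(user_sha1)
        if password is None:
            return False
        expected = sha1_hex(f"{user_sha1}:{nonce}:{password}")
        if not hmac.compare_digest(expected, response):
            return False
    return True  # reached by a valid digest, and by an empty user_sha1


def verify_hardened(user_sha1: str, nonce: str, response: str) -> bool:
    """Fail closed: every field must be present, the user must exist, and the
    comparison runs unconditionally in constant time."""
    if not user_sha1 or not nonce or not response:
        return False
    password = USERS.get(user_sha1)
    if password is None:
        return False
    expected = sha1_hex(f"{user_sha1}:{nonce}:{password}")
    return hmac.compare_digest(expected, response)


def demo(nonce: str = "constructed-nonce-0123") -> Dict[str, Tuple[bool, bool]]:
    """Run both verifiers over three constructed requests; each value is
    (vulnerable_result, hardened_result)."""
    good_u, good_r = client_response("admin", "s3cr3t-staging-password", nonce)
    bad_u, bad_r = client_response("admin", "not-the-password", nonce)
    return {
        "valid admin digest": (verify_vulnerable(good_u, nonce, good_r),
                               verify_hardened(good_u, nonce, good_r)),
        "wrong password": (verify_vulnerable(bad_u, nonce, bad_r),
                           verify_hardened(bad_u, nonce, bad_r)),
        "empty username hash": (verify_vulnerable("", nonce, "anything"),
                                verify_hardened("", nonce, "anything")),
    }


if __name__ == "__main__":
    for case, (vuln, hard) in demo().items():
        print(f"{case:22s} vulnerable={vuln!s:5s} hardened={hard!s}")
```

The point to check in any digest-style verifier is that the "no credentials" path and the "wrong credentials" path end in the same rejection; a guard of the form "if a field is present, validate it" is exactly the shape that turns a missing field into a bypass. The nonce is passed in as an argument only to keep the demo deterministic; in a real exchange it must be server-generated, single-use and bound to the session.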
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
- 1
Actively exploited CVE: CVE-2025-2746
@transilienceai
2 Apr 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🔴New attack report🔴 ➡️ Kentico Xperience Staging Service Authentication Bypass Vulnerabilities (CVE-2025-2746 & CVE-2025-2747) #cybersecurity #attackreport #iocs #securitricks #threats https://t.co/GbSbvZdBEQ
@SecuriTricks
26 Mar 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-2746 ⚠️🔴 CRITICAL (9.8) 🏢 Kentico - Xperience 🏗️ 0 🔗 https://t.co/6SellumW1y 🔗 https://t.co/FWBcbtoLpv 🔗 https://t.co/py61mkjQS9 #CyberCron #VulnAlert #InfoSec https://t.co/GV2aKH9fku
@cybercronai
26 Mar 2025
20 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
Warning: 2 critical, 1 high improper authentication in @Kentico #Xperience CVE-2025-2746, 2747, 2749 CVSS: 9.8-7.2. They can lead to privilege escalation and #RCE. @Kentico recommends updating to 13.0.173 & 13.0.178 or disabling the Staging Service #Patch https://t.co/ZcYs7WNxa
@CCBalert
25 Mar 2025
283 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical auth bypass found in Kentico Xperience CMS (CVE-2025-2746, CVSS 9.8). Affects versions through 13.0.172 - allows attackers to bypass auth via staging service. Patch now or disable if unused. Details: https://t.co/uCyaWXtZwV #CVE-2025-2746
@RedTeamNewsBlog
24 Mar 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-2746: CRITICAL] Authentication bypass vulnerability in Kentico Xperience allows attackers to control admin objects via empty SHA1 usernames. Patch Xperience version 13.0.172 to stay secure. #cybersecurity,#vulnerability https://t.co/FBmxIlqbcg https://t.co/SF5buiyf2a
@CveFindCom
24 Mar 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes