- Description
- An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync Server component password handling for the server defined None type. Authentication bypass allows an attacker to control administrative objects.This issue affects Xperience through 13.0.178.
- Source
- disclosure@vulncheck.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- disclosure@vulncheck.com
- CWE-287
- Hype score
- Not currently trending
🔴New attack report🔴 ➡️ Kentico Xperience Staging Service Authentication Bypass Vulnerabilities (CVE-2025-2746 & CVE-2025-2747) #cybersecurity #attackreport #iocs #securitricks #threats https://t.co/GbSbvZdBEQ
@SecuriTricks
26 Mar 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-2747 ⚠️🔴 CRITICAL (9.8) 🏢 Kentico - Xperience 🏗️ 0 🔗 https://t.co/6SellumW1y 🔗 https://t.co/FWBcbtoLpv 🔗 https://t.co/py61mkjQS9 #CyberCron #VulnAlert #InfoSec https://t.co/xGzuuf079i
@cybercronai
26 Mar 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical alert: Kentico Xperience CMS has a severe auth bypass flaw (CVE-2025-2747, CVSS 9.8) in Staging Sync Server. Attackers can gain admin access - patch now or disable the service. Details: https://t.co/xYhF4P4lfr #CVE-2025-2747
@RedTeamNewsBlog
24 Mar 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-2747: CRITICAL] Kentico Xperience vulnerability allows authentication bypass through Staging Sync Server None password handling, impacting versions up to 13.0.178. Risks: Admin control.#cybersecurity,#vulnerability https://t.co/9mPlBI78jl https://t.co/FnfUYDgUiG
@CveFindCom
24 Mar 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes