CVE-2025-2749

Published Mar 24, 2025

Last updated 8 days ago

CVSS high 7.2

Overview

Description
An authenticated remote code execution in Kentico Xperience allows authenticated users Staging Sync Server to upload arbitrary data to path relative locations. This results in path traversal and arbitrary file upload, including content that can be executed server side leading to remote code execution.This issue affects Kentico Xperience through 13.0.178.
Source
disclosure@vulncheck.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.2
Impact score
5.9
Exploitability score
1.2
Vector string
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

disclosure@vulncheck.com
CWE-22

Social media

Hype score
Not currently trending

  1. 🚨 CVE-2025-2749 🔴 HIGH (7.2) 🏢 Kentico - Xperience 🏗️ 0 🔗 https://t.co/6SellumW1y 🔗 https://t.co/FWBcbtoLpv #CyberCron #VulnAlert #InfoSec https://t.co/W4sdWu9F9G

    @cybercronai

    26 Mar 2025

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References