CVE-2025-2747

Published Mar 24, 2025

Last updated 3 months ago

Overview

Description
An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync Server component's password handling for the server-defined None type. Authentication bypass allows an attacker to control administrative objects. This issue affects Xperience through 13.0.178.
Source
disclosure@vulncheck.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

disclosure@vulncheck.com
CWE-287

Social media

Hype score
Not currently trending
  1. Ctaes Security News: 2 new CVEs added to Hackervillage: THREAT INTELLIGENCE REPORT APRIL 1 - APRIL 7 2025. New Threat Detection Added 2 - Kentico Xperience CMS Authentication Bypass (CVE-2025-2747), Ivanti Connect Secure Buffer Overflow (CVE-2025-22457)

    @Ctaesandriod2

    13 May 2025

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🔴New attack report🔴 ➡️ Kentico Xperience Staging Service Authentication Bypass Vulnerabilities (CVE-2025-2746 & CVE-2025-2747) #cybersecurity #attackreport #iocs #securitricks #threats https://t.co/GbSbvZdBEQ

    @SecuriTricks

    26 Mar 2025

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 🚨 CVE-2025-2747 ⚠️🔴 CRITICAL (9.8) 🏢 Kentico - Xperience 🏗️ 0 🔗 https://t.co/6SellumW1y 🔗 https://t.co/FWBcbtoLpv 🔗 https://t.co/py61mkjQS9 #CyberCron #VulnAlert #InfoSec https://t.co/xGzuuf079i

    @cybercronai

    26 Mar 2025

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Critical alert: Kentico Xperience CMS has a severe auth bypass flaw (CVE-2025-2747, CVSS 9.8) in Staging Sync Server. Attackers can gain admin access - patch now or disable the service. Details: https://t.co/xYhF4P4lfr #CVE-2025-2747

    @RedTeamNewsBlog

    24 Mar 2025

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. [CVE-2025-2747: CRITICAL] Kentico Xperience vulnerability allows authentication bypass through Staging Sync Server None password handling, impacting versions up to 13.0.178. Risks: Admin control. #cybersecurity, #vulnerability https://t.co/9mPlBI78jl https://t.co/FnfUYDgUiG

    @CveFindCom

    24 Mar 2025

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes