CVE-2025-2747
Published Mar 24, 2025
Last updated 4 days ago
- Description
- An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync Server component's password handling for the server-defined None type. The bypass allows an attacker to control administrative objects. This issue affects Xperience through 13.0.178.
- Source
- disclosure@vulncheck.com
- NVD status
- Analyzed
- Products
- xperience
CVSS 3.1
- Type
- Secondary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Data from CISA
- Vulnerability name
- Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability
- Exploit added on
- Oct 20, 2025
- Exploit action due
- Nov 10, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- disclosure@vulncheck.com
- CWE-288
- Hype score
- Not currently trending
Latest Known Exploited Vulnerabilities (#KEV): #CVE-2025-2747 #Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability https://t.co/fPybAGQbfl
@ScyScan
20 Oct 2025
🚨 CISA just added five known exploited vulnerabilities to their catalog: ▪ CVE-2022-48503 Apple Multiple Products Unspecified Vulnerability ▪ CVE-2025-2746 Kentico Xperience Staging Sync Server Digest Password Authentication Bypass Vulnerability ▪ CVE-2025-2747 Kentic
@IntCyberDigest
20 Oct 2025
Ctaes Security News: 2 new CVEs added to Hackervillage: THREAT INTELLIGENCE REPORT APRIL 1 - APRIL 7 2025. New Threat Detection Added: 2 - Kentico Xperience CMS Authentication Bypass (CVE-2025-2747), Ivanti Connect Secure Buffer Overflow (CVE-2025-22457)
@Ctaesandriod2
13 May 2025
🔴New attack report🔴 ➡️ Kentico Xperience Staging Service Authentication Bypass Vulnerabilities (CVE-2025-2746 & CVE-2025-2747) #cybersecurity #attackreport #iocs #securitricks #threats https://t.co/GbSbvZdBEQ
@SecuriTricks
26 Mar 2025
🚨 CVE-2025-2747 ⚠️🔴 CRITICAL (9.8) 🏢 Kentico - Xperience 🏗️ 0 🔗 https://t.co/6SellumW1y 🔗 https://t.co/FWBcbtoLpv 🔗 https://t.co/py61mkjQS9 #CyberCron #VulnAlert #InfoSec https://t.co/xGzuuf079i
@cybercronai
26 Mar 2025
Critical alert: Kentico Xperience CMS has a severe auth bypass flaw (CVE-2025-2747, CVSS 9.8) in Staging Sync Server. Attackers can gain admin access - patch now or disable the service. Details: https://t.co/xYhF4P4lfr #CVE-2025-2747
@RedTeamNewsBlog
24 Mar 2025
[CVE-2025-2747: CRITICAL] Kentico Xperience vulnerability allows authentication bypass through Staging Sync Server None password handling, impacting versions up to 13.0.178. Risks: Admin control. #cybersecurity, #vulnerability https://t.co/9mPlBI78jl https://t.co/FnfUYDgUiG
@CveFindCom
24 Mar 2025
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kentico:xperience:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BC749CC3-7A20-49C8-89FB-775818670734",
"versionEndIncluding": "13.0.178"
}
],
"operator": "OR"
}
]
}
]