CVE-2025-2749

Published Mar 24, 2025

Last updated a day ago

Overview

Description
An authenticated remote code execution vulnerability in Kentico Xperience allows authenticated users of the Staging Sync Server to upload arbitrary data to path-relative locations. This results in path traversal and arbitrary file upload, including content that can be executed server-side, leading to remote code execution. This issue affects Kentico Xperience through 13.0.178.
Source: disclosure@vulncheck.com
NVD status: Analyzed
Products: xperience

Risk scores

CVSS 3.1

Type: Secondary
Base score: 7.2
Impact score: 5.9
Exploitability score: 1.2
Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

disclosure@vulncheck.com: CWE-22

Social media

Hype score
Not currently trending
  1. CISA adds eight known exploited vulnerabilities to catalog https://t.co/pNkjqAkOwD CVE-2023-27351 PaperCut NG/MF authentication error vulnerability CVE-2024-27199 JetBrains TeamCity relative path traversal vulnerability CVE-2025-2749 Kentico Xperience path traver

    @cybersecnews_jp

    21 Apr 2026


  2. Warning: Path traversal vulnerability in #Kentico Xperience. #CVE-2025-2749 CVSS: 7.2. This #actively exploited vulnerability can be used to achieve remote code execution. #RCE! https://t.co/n1npvocidN #Patch #Patch #Patch

    @CCBalert

    21 Apr 2026


  3. Line 1: Kentico Xperience CMS Authenticated RCE (CVE-2025-2749) Line 2: Affected: Kentico Xperience through v13.0.178 Line 3: Risk: High-severity RCE via path traversal/file upload, requires auth but enables complete compromise Line 4: Actions: Patch immediately, review staging

    @RedHornet_Intel

    21 Apr 2026


  4. 🚨 [HIGH] Active exploitation detected: CVE-2025-2749 Exploit in the wild confirmed for CVE-2025-2749 (CVSS null). Kentico Xperience contains a path traversal vulnerability that could allow an authenticat... 🔗 https://t.co/RZBhpWnHFz #ZeroDay #ExploitInWild #CyberSecurity

    @ctiwatchcloud

    21 Apr 2026


  5. Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-2749 #Kentico Xperience Path Traversal Vulnerability https://t.co/rDK0y1TExA

    @ScyScan

    21 Apr 2026


  6. CISA adds eight known exploited vulnerabilities to catalog CISA Adds Eight Known Exploited Vulnerabilities to Catalog #CISA (Apr 20) CVE-2023-27351 PaperCut NG/MF authentication error vulnerability CVE-2024-27199 JetBrains TeamCity relative path traversal vulnerability C

    @foxbook

    21 Apr 2026


  7. 🚨 CVE-2025-2749 🔴 HIGH (7.2) 🏢 Kentico - Xperience 🏗️ 0 🔗 https://t.co/6SellumW1y 🔗 https://t.co/FWBcbtoLpv #CyberCron #VulnAlert #InfoSec https://t.co/W4sdWu9F9G

    @cybercronai

    26 Mar 2025


Configurations