CVE-2025-2746: Kentico Xperience Staging Sync Server digest password authentication bypass

9.8 CVSS

Description

An authentication bypass vulnerability in Kentico Xperience exists in the Staging Sync Server: its digest authentication mishandles empty SHA1 usernames during password verification, which allows an attacker to bypass authentication and take control of administrative objects. This issue affects Xperience through 13.0.172.

Classification

CVE ID: CVE-2025-2746

CVSS Base Severity: CRITICAL

CVSS Base Score: 9.8

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem Types

CWE-287 Improper Authentication

Affected Products

Vendor: Kentico

Product: Xperience

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.12% (probability of being exploited)

EPSS Percentile: 31.78% (share of all scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-04-18 (date on which this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-2746
https://labs.watchtowr.com/bypassing-authentication-like-its-the-90s-pre-auth-rce-chain-s-in-kentico-xperience-cms/
https://devnet.kentico.com/download/hotfixes
https://github.com/watchtowrlabs/kentico-xperience13-AuthBypass-wt-2025-0011

Timeline