CVE-2025-2747: Kentico Xperience Staging Sync Server None password type authentication bypass

9.8 CVSS

Description

Kentico Xperience contains an authentication bypass in the Staging Sync Server component: its password handling for a staging server configured with the None authentication type allows an attacker to bypass authentication and take control of administrative objects. This issue affects Xperience through 13.0.178.

Classification

CVE ID: CVE-2025-2747

CVSS Base Severity: CRITICAL

CVSS Base Score: 9.8

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem Types

CWE-287 Improper Authentication

Affected Products

Vendor: Kentico

Product: Xperience

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.12% (estimated probability of exploitation in the wild)

EPSS Percentile: 31.78% (proportion of all scored CVEs with an EPSS score less than or equal to this one)

EPSS Date: 2025-04-18 (date on which this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-2747
https://labs.watchtowr.com/bypassing-authentication-like-its-the-90s-pre-auth-rce-chain-s-in-kentico-xperience-cms/
https://devnet.kentico.com/download/hotfixes
https://github.com/watchtowrlabs/kentico-xperience13-AuthBypass-wt-2025-0011

Timeline