CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-2749: Kentico Xperience Staging media files upload authenticated remote code execution

7.2 CVSS

Description

An authenticated remote code execution in Kentico Xperience allows authenticated users Staging Sync Server to upload arbitrary data to path relative locations. This results in path traversal and arbitrary file upload, including content that can be executed server side leading to remote code execution.This issue affects Kentico Xperience through 13.0.178.

Classification

CVE ID: CVE-2025-2749

CVSS Base Severity: HIGH

CVSS Base Score: 7.2

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Problem Types

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-434 Unrestricted Upload of File with Dangerous Type

Affected Products

Vendor: Kentico

Product: Xperience

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.23% (probability of being exploited)

EPSS Percentile: 45.47% (scored less or equal to compared to others)

EPSS Date: 2025-04-22 (when was this score calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: poc

SSVC Technical Impact: total

SSVC Automatable: false

References

https://nvd.nist.gov/vuln/detail/CVE-2025-2749
https://labs.watchtowr.com/bypassing-authentication-like-its-the-90s-pre-auth-rce-chain-s-in-kentico-xperience-cms/
https://devnet.kentico.com/download/hotfixes

Timeline

2025-03-24 19:40:26 UTC
CVE

Kentico Xperience Staging media files upload authenticated remote code execution