CVE-2025-2749NVD

Vulnerability Summary

An authenticated remote code execution in Kentico Xperience allows authenticated users Staging Sync Server to upload arbitrary data to path relative locations. This results in path traversal and arbitrary file upload, including content that can be executed server side leading to remote code execution.This issue affects Kentico Xperience through 13.0.178.

Severity Level

HIGH(7.2)

Published Date

Mar 24, 2025

Last Modified

Apr 21, 2026

Exploitation Status

ACTIVE

EPSS Score (30-Day)

4.90%Probability

Root Weakness (CWE)

CWE-22: Path Traversal ↗

The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory.

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredHigh

User InteractionNone

ScopeUnchanged

ConfidentialityHigh

IntegrityHigh

AvailabilityHigh

External References

https://devnet.kentico.com/download/hotfixes
https://labs.watchtowr.com/bypassing-authentication-like-its-the-90s-pre-auth-rce-chain-s-in-kentico-xperience-cms/
https://www.vulncheck.com/advisories/kentico-xperience-staging-media-file-upload-authenticated-rce
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-2749