🔴 CVE-2025-2746

Authentication bypass vulnerability in Kentico Xperience CMS allows attackers to control administrative objects via empty SHA1 username handling in digest authentication. The vulnerability is actively exploited and affects internet-facing CMS deployments.

Risk Level: HIGH_RISK
CVSS Score: 9.8
Attack Vector: NETWORK
ATT&CK Tactic: Initial Access
ATT&CK Technique: T1190 — Exploit Public-Facing Application
Deployment Risk: HIGH
Ransomware: No

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2025-03-24

Added to CISA KEV: 2025-10-20 (210 days between CVE publication and KEV addition)

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2026-06-04)

CVE-2025-2746 is a critical authentication bypass vulnerability affecting Kentico Xperience [5]. It has been confirmed as being exploited in the wild, leading to its inclusion in CISA’s Known Exploited Vulnerabilities (KEV) Catalog [1] [6].

Vulnerability Overview

  • Nature of Vulnerability: An authentication bypass flaw located in the Staging Sync Server component of Kentico Xperience [3].
  • Root Cause: The vulnerability stems from the improper handling of empty SHA1 usernames during digest authentication [3] [4].
  • Impact: Successful exploitation allows an attacker to bypass authentication and gain unauthorized administrative access to the affected Kentico Xperience instance [1] [4]. This can lead to full system control, data breaches, or further malicious activities [2].

Exploitation and Attack Details

  • Active Exploitation: The vulnerability was confirmed to be exploited in the wild as of October 2025 [1].
  • Requirements:
      ◦ Configuration: The vulnerability specifically affects instances where the staging feature is enabled and configured to use username/password authentication [2].
      ◦ Exclusions: Instances using X.509 certificate-based authentication are not vulnerable [2].
  • Threat Actor Usage: While the vulnerability is confirmed to be exploited in the wild, specific threat actor attribution for this CVE has not been widely publicized in the available reports.
  • Ransomware/Targeted Attacks: The vulnerability is considered high-impact, affecting all aspects of the CIA triad (confidentiality, integrity, and availability) [1]. It is often discussed alongside other critical vulnerabilities (such as CVE-2025-2749, which can lead to remote code execution), increasing the overall risk of severe compromise [1].

Affected Versions and Mitigation

  • Affected Versions: Kentico Xperience versions up to and including 13.0.172 are known to be affected [4].
  • Patch Status: A fix is available via Kentico Hotfix 13.0.173 [2]. Users are strongly advised to apply the latest patches provided by the vendor to mitigate this risk.

Sources

  1. Warning: Multiple Critical & High

    Exploiting CVE-2025-2746 or CVE-2025-2747 could allow threat actors to bypass password authentication in the staging Sync Server component, which could escalate to gaining unauthorized administrative access. ... Exploiting CVE-2025-2749 can allow threat actors to upload arbitrary files to any path l…

  2. CVE-2025-2746 - Authentication Bypass in Kentico Xperience... - IONIX

    This vulnerability can be exploited to gain full control over affected Xperience instances, specifically those with staging enabled and configured to use username and password authentication. Instances using X.509 certificate-based authentication are not affected. The findings are detailed in this p…

  3. NVD - CVE-2025-2746

    An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync Server password han…

  4. CVE-2025-2746 Description, Impact and Technical Details

    CVE-2025-2746 is a newly identified vulnerability in Kentico Xperience that enables authentication bypass. This issue arises due to the Staging Sync Server's flawed handling of empty SHA1 usernames in digest authentication. The bypass of authentication grants attackers administrative control over th…

  5. CVE-2025-2746 - Exploits & Severity - Feedly

    Mar 24, 2025 at 12:21 PM, Threat Intelligence Report: CVE-2025-2746 is a critical authentication bypass vulnerability in Kentico Xperience CMS, with a CVSS score of 9.8, allowing attackers to bypass authentication through improper handling of empty SHA1 usernames in the Staging Sync Server component.

  6. CISA Adds Five Known Exploited Vulnerabilities to Catalog

    CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.