Vulnerability Description
An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync Server password handling of empty SHA1 usernames in digest authentication. Authentication bypass allows an attacker to control administrative objects.This issue affects Xperience through 13.0.172.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kentico | Xperience | <= 13.0.172 |
Related Weaknesses (CWE)
References
- https://devnet.kentico.com/download/hotfixesPatch
- https://github.com/watchtowrlabs/kentico-xperience13-AuthBypass-wt-2025-0011Third Party Advisory
- https://labs.watchtowr.com/bypassing-authentication-like-its-the-90s-pre-auth-rcExploitThird Party Advisory
- https://www.vulncheck.com/advisories/kentico-xperience-staging-sync-server-digesThird Party Advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-US Government Resource
FAQ
What is CVE-2025-2746?
CVE-2025-2746 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync Server password handling of empty SHA1 usernames in digest authentication. Authentication ...
How severe is CVE-2025-2746?
CVE-2025-2746 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2025-2746?
Check the references section above for vendor advisories and patch information. Affected products include: Kentico Xperience.