VYPR
Unrated severityNVD Advisory· Published Dec 18, 2025· Updated Dec 27, 2025

Kentico Xperience <= 12.0.47 Virtual Context Information Disclosure

CVE-2019-25228

Description

An information disclosure vulnerability in Kentico Xperience allows attackers to leak virtual context URLs via the HTTP Referer header when users interact with third-party domains. Sensitive virtual context information can be exposed to external domains through page builder interactions and link/image loading.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.