Unrated severityCISA KEVNVD Advisory· Published Mar 24, 2025· Updated Feb 26, 2026
Kentico Xperience <= 13.0.172 Staging Sync Server Digest Password Authentication Bypass
CVE-2025-2746
Description
An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync Server password handling of empty SHA1 usernames in digest authentication. Authentication bypass allows an attacker to control administrative objects.This issue affects Xperience through 13.0.172.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
3- labs.watchtowr.com/bypassing-authentication-like-its-the-90s-pre-auth-rce-chain-s-in-kentico-xperience-cms/mitretechnical-descriptionexploit
- devnet.kentico.com/download/hotfixesmitrevendor-advisorypatch
- www.vulncheck.com/advisories/kentico-xperience-staging-sync-server-digest-password-authentication-bypassmitrethird-party-advisory
News mentions
0No linked articles in our index yet.