Unrated severity · NVD Advisory · Published Apr 6, 2025 · Updated Apr 7, 2025

CVE-2025-32370

Description

Kentico Xperience before 13.0.178 has a specific set of allowed ContentUploader file extensions for unauthenticated uploads; however, because .zip is processed through TryZipProviderSafe, there is additional functionality to create files with other extensions. NOTE: this is a separate issue not necessarily related to SVG or XSS.

Affected products

  • Kentico/Xperience · llm-fuzzy · 2 versions: <13.0.178 + 1 more
    • (no CPE) range: <13.0.178
    • (no CPE) range: 0
