CVE-2025-2746

24 Mar 2025

Jose Alexis Correa Valencia
0 Comentarios

Título es

CVE-2025-2746

Lun, 24/03/2025 – 19:15

Tipo

CWE-287

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2025-2746

Descripción en

An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync Server password handling of empty SHA1 usernames in digest authentication. Authentication bypass allows an attacker to control administrative objects.This issue affects Xperience through 13.0.172.

24/03/2025

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Gravedad 3.1 (CVSS 3.1 Base Score)

9.80

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

CRITICAL

Referencias

https://devnet.kentico.com/download/hotfixes

https://github.com/watchtowrlabs/kentico-xperience13-AuthBypass-wt-2025-0011

https://labs.watchtowr.com/bypassing-authentication-like-its-the-90s-pre-auth-rce-chain-s-in-kentico-xperience-cms/

Enviar en el boletín