CVE-2025-2747

24 Mar 2025

Jose Alexis Correa Valencia
0 Comentarios

Título es

CVE-2025-2747

Lun, 24/03/2025 – 19:15

Tipo

CWE-287

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2025-2747

Descripción en

An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync Server component password handling for the server defined None type. Authentication bypass allows an attacker to control administrative objects.This issue affects Xperience through 13.0.178.

24/03/2025

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Gravedad 3.1 (CVSS 3.1 Base Score)

9.80

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

CRITICAL

Referencias

https://devnet.kentico.com/download/hotfixes

https://github.com/watchtowrlabs/kentico-xperience13-AuthBypass-wt-2025-0011

https://labs.watchtowr.com/bypassing-authentication-like-its-the-90s-pre-auth-rce-chain-s-in-kentico-xperience-cms/

Enviar en el boletín