An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync Server component password handling for the server-defined None password type. Authentication bypass allows an attacker to control administrative objects. This issue affects Xperience through 13.0.178.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Tue, 23 Sep 2025 16:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-287

Tue, 23 Sep 2025 16:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-288

Mon, 24 Mar 2025 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 24 Mar 2025 18:30:00 +0000

Type Values Removed Values Added
Description An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync Server component password handling for the server-defined None password type. Authentication bypass allows an attacker to control administrative objects. This issue affects Xperience through 13.0.178.
Title Kentico Xperience Staging Sync Server None password type authentication bypass
Weaknesses CWE-287
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2025-09-23T15:43:36.943Z

Reserved: 2025-03-24T16:39:13.884Z

Link: CVE-2025-2747

Vulnrichment

Updated: 2025-03-24T19:19:15.452Z

NVD

Status: Undergoing Analysis

Published: 2025-03-24T19:15:51.967

Modified: 2025-09-23T16:15:31.787

Link: CVE-2025-2747

Redhat

No data.

OpenCVE Enrichment

Updated: 2025-07-13T11:06:55Z