CVE-2025-2747
CRITICAL | KEV | NUCLEI
Kentico Xperience 13 CMS - Staging Service Authentication Bypass (WT-2025-0006)
Title source: nuclei
Description
An authentication bypass vulnerability in Kentico Xperience allows an attacker to bypass authentication through the Staging Sync Server component's password handling for a staging server defined with the None authentication type. The bypass allows an attacker to control administrative objects. This issue affects Xperience through 13.0.178.
Nuclei Templates (1)
Kentico Xperience 13 CMS - Staging Service Authentication Bypass (WT-2025-0006)
CRITICAL | VERIFIED
by DhiyaneshDK
FOFA:
app="Kentico-CMS"
Scores
CVSS v3
9.8
EPSS
0.8945
EPSS Percentile
99.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CISA KEV
2025-10-20
VulnCheck KEV
2025-10-20
ENISA EUVD
EUVD-2025-8009
CWE
CWE-288
Status
published
Products (1)
kentico/xperience
< 13.0.178
Published
Mar 24, 2025
KEV Added
Oct 20, 2025
Tracked Since
Feb 18, 2026