CVE-2025-2747
Tags: CRITICAL, KEV, NUCLEI
Kentico Xperience 13 CMS - Staging Service Authentication Bypass (WT-2025-0006)
Title source: nuclei
Exploitation Summary
CVE-2025-2747 is actively exploited and is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog (added October 20, 2025). A Nuclei detection template is also available.
Description
Kentico Xperience contains an authentication bypass in the Staging Sync Server component: the server-defined "None" password type is mishandled during password verification, so an unauthenticated attacker can bypass authentication and take control of administrative objects. This issue affects Xperience through 13.0.178. Confirm the exact fixed hotfix level against the vendor hotfix page linked below before treating an instance as patched.
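To make the class of bug concrete, here is an added, purely illustrative example. It is not Kentico's code and is not derived from the referenced write-up or the GitHub proof of concept; it is a hypothetical staging-sync login routine whose password-type switch has a "None" branch that short-circuits to success (the CWE-288 pattern the description names), placed beside a fail-closed rewrite. The user store, the type names "PlainText", "SHA1" and "None", and all function names are assumptions made for this example only.

```python
import hashlib
import hmac

# Constructed stand-in credential store for the example (not Kentico's data).
# Values are hex SHA-1 digests so that a "SHA1" password type has something
# to compare against; nothing here reflects the real product's storage.
_USERS = {"staging": hashlib.sha1(b"correct-horse").hexdigest()}


def _sha1_hex(text: str) -> str:
    return hashlib.sha1(text.encode("utf-8")).hexdigest()


def _verify_plaintext(candidate: str, stored_digest: str) -> bool:
    # Client sent the clear-text password; hash it and compare in constant time.
    return hmac.compare_digest(_sha1_hex(candidate), stored_digest)


def _verify_sha1(candidate: str, stored_digest: str) -> bool:
    # Client sent a hex digest; reject non-ASCII input before the comparison,
    # because hmac.compare_digest only accepts ASCII strings.
    if not candidate.isascii():
        return False
    return hmac.compare_digest(candidate.lower(), stored_digest)


def weak_authenticate(username: str, password: str, password_type: str) -> bool:
    """Hypothetical vulnerable pattern: the password-type selector, chosen by the
    caller, has a 'None' branch that treats "no password type" as "no password"."""
    stored = _USERS.get(username)
    if stored is None:
        return False
    if password_type == "PlainText":
        return _verify_plaintext(password, stored)
    if password_type == "SHA1":
        return _verify_sha1(password, stored)
    if password_type == "None":
        # BUG: short-circuits to success. Anyone who knows a valid username is
        # authenticated without presenting a credential at all.
        return True
    return False


# Allowlist of verifiers: every entry compares against the stored credential.
_VERIFIERS = {
    "PlainText": _verify_plaintext,
    "SHA1": _verify_sha1,
}


def safe_authenticate(username: str, password: str, password_type: str) -> bool:
    """Hardened form: unknown users, unknown or 'None' password types and empty
    credentials all fail closed; only allowlisted verifiers can return True."""
    stored = _USERS.get(username)
    verifier = _VERIFIERS.get(password_type)
    if stored is None or verifier is None or not password:
        return False
    return verifier(password, stored)


def demo() -> dict:
    """Side-by-side results for the bypass request and for legitimate logins."""
    return {
        "weak_none_bypass": weak_authenticate("staging", "", "None"),
        "safe_none_rejected": safe_authenticate("staging", "", "None"),
        "safe_plaintext_ok": safe_authenticate("staging", "correct-horse", "PlainText"),
        "safe_sha1_ok": safe_authenticate("staging", _sha1_hex("correct-horse"), "SHA1"),
        "safe_wrong_password": safe_authenticate("staging", "wrong", "PlainText"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The design point is that the client never gets to select a code path that skips verification: the hardened routine maps the requested type to a verifier through an allowlist and denies anything it does not recognise, rather than enumerating accepted types with an if-chain that can grow a success-without-check branch.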
Nuclei Templates (1)
Kentico Xperience 13 CMS - Staging Service Authentication Bypass (WT-2025-0006)
Severity: CRITICAL, VERIFIED, by DhiyaneshDK
FOFA:
app="Kentico-CMS"
References (5)
US Government Resource: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-2747
Exploit, Third Party Advisory (technical description): https://labs.watchtowr.com/bypassing-authentication-like-its-the-90s-pre-auth-rce-chain-s-in-kentico-xperience-cms/
Patch (vendor advisory): https://devnet.kentico.com/download/hotfixes
Third Party Advisory (exploit): https://github.com/watchtowrlabs/kentico-xperience13-AuthBypass-wt-2025-0011
Third Party Advisory: https://www.vulncheck.com/advisories/kentico-xperience-staging-sync-server-none-password-type-authentication-bypass
Scores
CVSS v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Attack Vector: NETWORK
EPSS: 0.9141 (percentile 99.7%)
CISA SSVC (Vulnrichment)
Exploitation: active
Automatable: yes
Technical Impact: total
Details
CISA KEV: 2025-10-20
VulnCheck KEV: 2025-10-20
ENISA EUVD: EUVD-2025-8009
CWE: CWE-288
Status: published
Products (1)
kentico/xperience < 13.0.178
Published: Mar 24, 2025
KEV Added: Oct 20, 2025
Tracked Since: Feb 18, 2026