CVE-2025-2748

MEDIUM EXPLOITED NUCLEI

Kentico Xperience CMS - Unauthenticated Stored XSS

Title source: nuclei
STIX 2.1

Exploitation Summary

CVE-2025-2748 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including xirtam2669. A Nuclei detection template is also available.

AI-analyzed exploit summary This PoC demonstrates an unauthenticated ZIP file upload vulnerability in Kentico Xperience before 13.0.178, allowing an attacker to upload a malicious SVG file embedded in a ZIP archive, leading to XSS execution.

Description

The Kentico Xperience application does not fully validate or filter files uploaded via the multiple-file upload functionality, which allows for stored XSS.This issue affects Kentico Xperience through 13.0.178.

Exploits (1)

nomisec WORKING POC 1 stars
by xirtam2669 · client-side
https://github.com/xirtam2669/Kentico-Xperience-before-13.0.178---XSS-POC

This PoC demonstrates an unauthenticated ZIP file upload vulnerability in Kentico Xperience before 13.0.178, allowing an attacker to upload a malicious SVG file embedded in a ZIP archive, leading to XSS execution.

Classification
Working Poc 95%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Kentico Xperience before 13.0.178
No auth needed
Prerequisites: Network access to the target application · Target application must be running a vulnerable version of Kentico Xperience
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

Kentico Xperience CMS - Unauthenticated Stored XSS
MEDIUMVERIFIEDby iamnoooob,rootxharsh,pdresearch
FOFA: app="Kentico-CMS"

References (1)

Core 1
Core References
Patch vendor-advisory patch
https://devnet.kentico.com/download/hotfixes

Scores

CVSS v3 6.1
EPSS 0.0054
EPSS Percentile 68.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

VulnCheck KEV 2025-06-07
CWE
CWE-434 CWE-79
Status published
Products (1)
kentico/xperience < 13.0.178
Published Mar 24, 2025
Tracked Since Feb 18, 2026