CVE-2025-32370

HIGH

Kentico Xperience < 13.0.178 - XSS

Title source: rule

Description

Kentico Xperience before 13.0.178 has a specific set of allowed ContentUploader file extensions for unauthenticated uploads; however, because .zip is processed through TryZipProviderSafe, there is additional functionality to create files with other extensions. NOTE: this is a separate issue not necessarily related to SVG or XSS.

Exploits (1)

exploitdb WORKING POC

by Alex Messham · pythonwebappsmultiple

https://www.exploit-db.com/exploits/52290

View Code ZIP pw:eip

References (2)

[Release Notes] https://devnet.kentico.com/download/hotfixes

[Exploit, Third Party Advisory] https://labs.watchtowr.com/xss-to-rce-by-abusing-custom-file-handlers-kentico-xperience-cms-cve-2025-2748/

Scores

CVSS v3 7.2

EPSS 0.0034

EPSS Percentile 56.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L

Details

CWE

CWE-912 CWE-434

Status published

Products (1)

kentico/xperience < 13.0.178

Published Apr 06, 2025

Tracked Since Feb 18, 2026