NVD disclosure day

Published threat advisories for March 24, 2025

CVE advisory | Known Exploit

CVE-2025-2749

Kentico Xperience File Upload Vulnerability.

Halo Surface Signal: 2 out of 5 — less likely to be public-facing.

An authenticated remote code execution vulnerability in Kentico Xperience allows attackers to upload arbitrary files via path traversal, potentially leading to server-side code execution. This impacts organizations using Kentico Xperience installations through version 13.0.178, posing a business risk of system compromi

• CISA KEV

CVE advisory | Known Exploit

CVE-2025-2746

Kentico Xperience Authentication Bypass Affects Administrative Objects.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

An authentication bypass flaw in Kentico Xperience's Staging Sync Server allows unauthorized control of administrative objects. This affects organizations using the affected versions, posing a business risk through potential data manipulation and access to critical functions.

• CISA KEV