CVE-2025-2749— Kentico Xperience <= 13.0.178 Staging Media File Upload Authenticated RCE
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-2749
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Kentico Xperience <= 13.0.178 Staging Media File Upload Authenticated RCE
Source: NVD (National Vulnerability Database)
Vulnerability Description
An authenticated remote code execution in Kentico Xperience allows authenticated users Staging Sync Server to upload arbitrary data to path relative locations. This results in path traversal and arbitrary file upload, including content that can be executed server side leading to remote code execution.This issue affects Kentico Xperience through 13.0.178.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Kentico Xperience 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Kentico Xperience是Kentico公司的一个数字体验平台。 Kentico Xperience 13.0.178及之前版本存在安全漏洞,该漏洞源于路径遍历和任意文件上传,可能导致远程代码执行。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Shenlong Deep Dive — AI Deep Analysis
10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.
Affected Products
II. Public POCs for CVE-2025-2749
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-2749
请登录查看更多情报信息。
- Hotfixesvendor-advisory
- Bypassing Authentication Like It’s The ‘90s - Pre-Auth RCE Chain(s) in Kentico Xperience CMStechnical-descriptionexploit
- https://nvd.nist.gov/vuln/detail/CVE-2025-2749
Same Patch Batch · Kentico · 2025-03-24 · 4 CVEs total
| CVE-2025-2747 | 9.8 CRITICAL | Kentico Xperience <= 13.0.178 Staging Sync Server None Password Type Authentication Bypass |
| CVE-2025-2746 | 9.8 CRITICAL | Kentico Xperience <= 13.0.172 Staging Sync Server Digest Password Authentication Bypass |
| CVE-2025-2748 | 6.1 MEDIUM | Kentico Xperience stored cross-site scripting in multiple-file upload functionality |
IV. Related Vulnerabilities
Same product: Xperience
- CVE-2024-58323
Kentico Xperience <= 13.0.158 Checkbox Form Component Stored - CVE-2024-58322
Kentico Xperience <= 13.0.158 Shipping Options Stored XSS - CVE-2024-58321
Kentico Xperience <= 13.0.159 Form Validation Stored XSS - CVE-2024-58320
Kentico Xperience <= 13.0.159 Authentication Information Dis - CVE-2024-58319
Kentico Xperience <= 13.0.160 Pages Dashboard Widget Reflect
Same vendor: Kentico
- CVE-2025-5591
Stored Cross-site Scripting (XSS) in Kentico Xperience 13 - CVE-2024-58323
Kentico Xperience <= 13.0.158 Checkbox Form Component Stored - CVE-2024-58321
Kentico Xperience <= 13.0.159 Form Validation Stored XSS - CVE-2024-58322
Kentico Xperience <= 13.0.158 Shipping Options Stored XSS - CVE-2024-58319
Kentico Xperience <= 13.0.160 Pages Dashboard Widget Reflect
Same weakness: CWE-22
- CVE-2026-8274
npitre cramfs-tools Directory cramfsck.c do_directory path t - CVE-2022-50956
WordPress Plugin amministrazione-aperta 3.7.3 Local File Rea - CVE-2026-8215
Industrial Application Software IAS Canias ERP RMI iasReques - CVE-2026-42605
AzuraCast: Path Traversal in `currentDirectory` Parameter En - CVE-2026-42574
apko dirFS has a symlink-following path traversal that allow
V. Comments for CVE-2025-2749
No comments yet