CVE-2025-2746CRITICAL 9.8CISA KEVEPSS p99.0%

CVE-2025-2746Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability

Kentico / Xperience CMS

Description

Kentico Xperience CMS contains an authentication bypass using an alternate path or channel vulnerability that could allow an attacker to control administrative objects.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS57.99% probability of exploitation · percentile 99.0% · 2026-06-19T12:03:05Z
Published2025-03-24
Last modified2025-11-06

CISA KEV entry

Added to KEV: 2025-10-20

Underlying weaknesses· 1

CWE-288

References

  1. https://devnet.kentico.com/download/hotfixes
  2. https://github.com/watchtowrlabs/kentico-xperience13-AuthBypass-wt-2025-0011
  3. https://labs.watchtowr.com/bypassing-authentication-like-its-the-90s-pre-auth-rce-chain-s-in-kentico-xperience-cms/
  4. https://www.vulncheck.com/advisories/kentico-xperience-staging-sync-server-digest-password-authentication-bypass
  5. https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-2746

1

TypeTargetConfidenceTier
WeaknessAuthentication Bypass Using an Alternate Path or Channelcwe-2880%live

(incoming)1

TypeTargetConfidenceTier
KEVEntryKentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerabilitykev-cve-2025-27460%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
Kentico Xperience Path Traversal Vulnerability
CVE
Kentico Xperience Deserialization of Untrusted Data Vulnerability
CVE
CVE-2025-8995
CVE
CVE-2025-6926
CVE
Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability
CVE
CVE-2025-8093
Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.