CVE-2025-2749

Known Exploited (CISA KEV)CRITICAL

9.1

CVSS Severity Score

EPSS Score88.0180%

EPSS Percentile89.28th

PublishedApr 20, 2026

Last ModifiedJun 12, 2026

Vulnerability Description

Kentico Xperience contains a path traversal vulnerability that could allow an authenticated user's Staging Sync Server to upload arbitrary data to path relative locations.

Affected Platforms (CPE)

📦

Kentico

Kentico Xperience

Refer to description

References & Advisories

🔗 https://nvd.nist.gov/vuln/detail/CVE-2025-2749

Related Vulnerabilities

CVE-2021-477118.8

A SQL injection vulnerability in Kentico Xperience allows authenticated editors to inject malicious SQL queries via online marketi...

CVE-2019-252298.8

An unrestricted file upload vulnerability in Kentico Xperience allows authenticated users with 'Read data' permissions to upload a...

CVE-2021-477127.5

A cryptography vulnerability in Kentico Xperience allows attackers to potentially manipulate URL hash values through existing hash...

CVE-2020-368907.2

An access control bypass vulnerability in Kentico Xperience allows administrators to modify global administrator user privileges v...