CyberSec.Space Logo
CVEブラウザに戻る

CVE-2025-2749

Known Exploited (CISA KEV)CRITICAL
9.1
CVSS Severity Score
EPSS Score88.0180%
EPSS Percentile89.28th
Published2026年4月20日
Last Modified2026年6月12日

Vulnerability Description

Kentico Xperience contains a path traversal vulnerability that could allow an authenticated user's Staging Sync Server to upload arbitrary data to path relative locations.

Affected Platforms (CPE)

📦
Kentico

Kentico Xperience

Refer to description

References & Advisories

🔗 https://nvd.nist.gov/vuln/detail/CVE-2025-2749

関連する脆弱性情報

CVE-2021-477118.8

A SQL injection vulnerability in Kentico Xperience allows authenticated editors to inject malicious SQL queries via online marketi...

CVE-2019-252298.8

An unrestricted file upload vulnerability in Kentico Xperience allows authenticated users with 'Read data' permissions to upload a...

CVE-2021-477127.5

A cryptography vulnerability in Kentico Xperience allows attackers to potentially manipulate URL hash values through existing hash...

CVE-2020-368907.2

An access control bypass vulnerability in Kentico Xperience allows administrators to modify global administrator user privileges v...