CVE-2025-2746

🗓️ 24 Mar 2025 18:16:04Reported by VulnCheckType

cve🔗 web.nvd.nist.gov📰️ 5 Media mentions👁 73 Views

Authentication bypass in Kentico Xperience allows control of admin objects via empty SHA1 usernames.

Reporter	Title	Published	Views	Family All 17
Circl	CVE-2025-2746	24 Mar 202519:40	–	circl
CISA KEV Catalog	Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability	20 Oct 202500:00	–	cisa_kev
CISA	CISA Adds Five Known Exploited Vulnerabilities to Catalog	20 Oct 202512:00	–	cisa
CNNVD	Kentico Xperience 安全漏洞	24 Mar 202500:00	–	cnnvd
CNVD	Kentico Xperience Authentication Bypass Vulnerability (CNVD-2026-05134)	28 Mar 202500:00	–	cnvd
Cvelist	CVE-2025-2746 Kentico Xperience <= 13.0.172 Staging Sync Server Digest Password Authentication Bypass	24 Mar 202518:16	–	cvelist
EUVD	EUVD-2025-8008	3 Oct 202520:07	–	euvd
Tenable Nessus	Kentico Xperience < 13.0.173 Auth Bypass	23 Oct 202500:00	–	nessus
Nuclei	Kentico Xperience 13 CMS - Staging Service Authentication Bypass (WT-2025-0011)	3 Jun 202606:04	–	nuclei
NVD	CVE-2025-2746	24 Mar 202519:15	–	nvd

NVD

Vulners

CNA

Node

kentico xperienceRange≤13.0.172

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "Staging"
    ],
    "product": "Xperience",
    "vendor": "Kentico",
    "versions": [
      {
        "lessThanOrEqual": "13.0.172",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
vulncheck	www.vulncheck.com/advisories/kentico-xperience-staging-sync-server-digest-password-authentication-bypass
github	www.github.com/watchtowrlabs/kentico-xperience13-AuthBypass-wt-2025-0011
devnet	www.devnet.kentico.com/download/hotfixes
labs	www.labs.watchtowr.com/bypassing-authentication-like-its-the-90s-pre-auth-rce-chain-s-in-kentico-xperience-cms/
cisa	www.cisa.gov/known-exploited-vulnerabilities-catalog

17 Dec 2025 19:32Current

7.6High risk

Vulners AI Score7.6

CVSS 3.19.8

EPSS0.89733

SSVC