Kentico

Researchers discovered critical vulnerabilities in Kentico's Xperience CMS that could allow unauthenticated remote code execution through multiple authentication bypasses combined with a post-authentication RCE flaw. The vulnerabilities affected systems with the Staging Service enabled and configured for username/password authentication. Attackers could use SOAP request manipulation and a path traversal flaw to gain admin access and write to the server's filesystem. The vulnerabilities have been patched through updates. Organizations running the affected configuration risked complete system compromise, which highlights the importance of timely updates.

Source: https://cybersecuritynews.com/kentico-authentication-bypass-vulnerability/

"id": "ken820031725",
"linkid": "kentico-software",
"type": "Vulnerability",
"date": "3/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"