Kentico

Researchers discovered critical vulnerabilities in Kentico's Xperience CMS that, chained together, allowed unauthenticated remote code execution: multiple authentication bypasses combined with a post-authentication RCE flaw. Only deployments with the Staging Service enabled and configured for username/password authentication were exposed. An attacker could manipulate the SOAP requests the Staging Service accepts to bypass authentication and gain administrative access, then abuse a path traversal flaw to write attacker-controlled files to the server's filesystem. Kentico fixed the flaws in product updates. Organizations running the affected configuration risked complete system compromise, which underlines the importance of applying updates promptly.
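
To make the path traversal bug class in the summary concrete, here is an added example that is not Kentico's code and does not reproduce the reported flaw: a SOAP-driven file-store handler that joins a client-supplied relative path onto a staging directory, shown in its vulnerable form next to a hardened one that resolves the path and refuses anything outside the root. The envelope layout, the StoreFile/Path/Content element names, the urn:example-staging namespace and the /srv/staging/files root are all assumptions chosen for illustration; the sample request is constructed.

```python
import os
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
SVC_NS = "urn:example-staging"        # assumed service namespace, not Kentico's
STAGING_ROOT = "/srv/staging/files"   # assumed directory the service may write to

# Constructed sample request: the client-controlled Path carries "../" segments.
SAMPLE_REQUEST = f"""<s:Envelope xmlns:s="{SOAP_NS}" xmlns:x="{SVC_NS}">
  <s:Body>
    <x:StoreFile>
      <x:Path>../../web.config</x:Path>
      <x:Content>attacker-controlled bytes</x:Content>
    </x:StoreFile>
  </s:Body>
</s:Envelope>"""


def parse_store_file(xml_text: str) -> tuple[str, str]:
    """Pull (path, content) out of the StoreFile operation in the SOAP body."""
    root = ET.fromstring(xml_text)
    op = root.find(f"{{{SOAP_NS}}}Body/{{{SVC_NS}}}StoreFile")
    if op is None:
        raise ValueError("no StoreFile operation in request")
    path = op.findtext(f"{{{SVC_NS}}}Path")
    if path is None:
        raise ValueError("StoreFile without Path")
    return path, op.findtext(f"{{{SVC_NS}}}Content") or ""


def vulnerable_target(rel_path: str, staging_root: str = STAGING_ROOT) -> str:
    """Vulnerable sink: trusts the client path, so '../' walks out of the root
    (and an absolute path makes os.path.join discard the root entirely)."""
    return os.path.normpath(os.path.join(staging_root, rel_path))


def hardened_target(rel_path: str, staging_root: str = STAGING_ROOT) -> str:
    """Hardened sink: resolve the candidate, then require it to stay under root."""
    root = os.path.realpath(staging_root)
    if os.path.isabs(rel_path) or "\x00" in rel_path:
        raise ValueError("absolute path or NUL byte rejected")
    candidate = os.path.realpath(os.path.join(root, rel_path))
    # commonpath catches the '/srv/staging/filesX' sibling-prefix trick that a
    # plain startswith(root) check would let through.
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError(f"path escapes staging root: {rel_path!r}")
    return candidate


def is_safe_path(rel_path: str, staging_root: str = STAGING_ROOT) -> bool:
    """True when the hardened check accepts rel_path, False when it rejects it."""
    try:
        hardened_target(rel_path, staging_root)
        return True
    except ValueError:
        return False


def handle_request(xml_text: str, safe: bool) -> str:
    """Return the path the service would write to; the write itself is omitted."""
    rel_path, _content = parse_store_file(xml_text)
    return hardened_target(rel_path) if safe else vulnerable_target(rel_path)


if __name__ == "__main__":
    print("vulnerable handler writes to:", handle_request(SAMPLE_REQUEST, safe=False))
    try:
        handle_request(SAMPLE_REQUEST, safe=True)
    except ValueError as exc:
        print("hardened handler rejects:", exc)
```

The hardened version resolves symlinks with realpath before the containment test, rejects absolute input up front because os.path.join silently drops the base directory for it, and compares with commonpath rather than a string prefix so a sibling directory whose name merely starts with the root is not accepted.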

Source: https://cybersecuritynews.com/kentico-authentication-bypass-vulnerability/

TPRM report: https://scoringcyber.rankiteo.com/company/kentico-software

{
  "id": "ken820031725",
  "linkid": "kentico-software",
  "type": "Vulnerability",
  "date": "3/2025",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization's existence"
}

{
  "affected_entities": [
    {"industry": "Technology", "name": "Kentico", "type": "Software Provider"}
  ],
  "attack_vector": ["SOAP request manipulation", "Path traversal"],
  "description": "Critical vulnerabilities in Kentico's Xperience CMS that could lead to unauthenticated remote code execution were discovered. The vulnerabilities included multiple authentication bypasses and a post-authentication RCE flaw. Systems with the Staging Service enabled and configured for username/password authentication were at risk. Attackers could exploit these vulnerabilities using SOAP request manipulation and path traversal to gain admin access and write to the server's filesystem. The vulnerabilities were patched through updates.",
  "impact": {"systems_affected": "Kentico Xperience CMS with Staging Service enabled"},
  "lessons_learned": "Importance of timely updates for security",
  "post_incident_analysis": {
    "corrective_actions": "Vulnerabilities patched through updates",
    "root_causes": ["Authentication bypasses", "Post-authentication RCE flaw"]
  },
  "response": {"remediation_measures": "Vulnerabilities patched through updates"},
  "title": "Kentico Xperience CMS Vulnerabilities",
  "type": "Vulnerability Exploitation",
  "vulnerability_exploited": ["Authentication bypasses", "Post-authentication RCE flaw"]
}