Kentico

Researchers discovered critical vulnerabilities in Kentico's Xperience CMS that could be chained into unauthenticated remote code execution: multiple authentication bypasses combined with a post-authentication RCE flaw. The vulnerabilities affected systems with the Staging Service enabled and configured for username/password authentication. Attackers could exploit a SOAP request manipulation flaw and a path traversal flaw to gain admin access and write to the server's filesystem. Kentico patched the vulnerabilities in subsequent updates. Organizations running the affected configuration risked complete system compromise, underscoring the importance of applying security updates promptly.

Source: https://cybersecuritynews.com/kentico-authentication-bypass-vulnerability/

"id": "ken820031725",
"linkid": "kentico-software",
"type": "Vulnerability",
"date": "3/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"