CVE-2025-2747

Name of the Vulnerable Software and Affected Versions Kentico Xperience versions through 13.0.178

Description An authentication bypass issue exists in Kentico Xperience through the Staging Sync Server component. The issue is related to how passwords are handled for servers defined as type 'None'. Successful exploitation allows an attacker to bypass authentication and gain control of administrative objects. This vulnerability has been identified as critical and is actively exploited.

Recommendations Versions prior to 13.0.178 should be updated. As a temporary workaround, consider disabling the Staging Sync Server component until a patch is available.