CVE ID
CVE-2025-2746
Vulnerability Name
Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability
- Project: Kentico
- Product: Xperience CMS
Date
- Date Added: 2025-10-20
- Due Date: 2025-11-10
Description
Kentico Xperience CMS contains an authentication bypass using an alternate path or channel vulnerability that could allow an attacker to control administrative objects.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Additional Notes
https://devnet.kentico.com/download/hotfixes ; https://nvd.nist.gov/vuln/detail/CVE-2025-2746