CVE-2025-2746

Kentico Xperience <= 13.0.172 Staging Sync Server Digest Password Authentication Bypass

CVSS 9.8 CRITICAL · EPSS 58.4% · KEV · CWE-288
In short

Kentico Xperience has a critical flaw in its Staging Sync Server that allows attackers to bypass password authentication by exploiting how it handles empty usernames in digest authentication. This lets attackers gain administrative access without knowing the correct password.

Technical detail

The vulnerability exists in the digest authentication mechanism of Kentico Xperience's Staging Sync Server, where improper handling of empty SHA1 usernames allows authentication bypass. An attacker can craft a malicious digest authentication request to gain unauthorized administrative access to control sensitive objects, affecting versions through 13.0.172.

Summary generated and translated by AI from the official description.
An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync Server password handling of empty SHA1 usernames in digest authentication. Authentication bypass allows an attacker to control administrative objects. This issue affects Xperience through 13.0.172.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Kentico · Xperience
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
