CVE-2025-32370
7.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L
Summary
Kentico Xperience before 13.0.178 has a specific set of allowed ContentUploader file extensions for unauthenticated uploads; however, because .zip is processed through TryZipProviderSafe, there is additional functionality to create files with other extensions. NOTE: this is a separate issue not necessarily related to SVG or XSS.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Kentico | Xperience | 0 < 13.0.178 | affected |
Weaknesses
- CWE-912: CWE-912 Hidden Functionality
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: yes
- Technical Impact: partial
Additional References
References
- https://devnet.kentico.com/download/hotfixes
- https://labs.watchtowr.com/xss-to-rce-by-abusing-custom-file-handlers-kentico-xperience-cms-cve-2025-2748/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.