H3-2025-0027
Kentico Xperience Staging Service Authentication Bypass WT-2025-0011 Vulnerability
| Field | Value |
|---|---|
| Category | VULNERABILITY |
| Base Score | 9.8 |
Description
A critical authentication bypass vulnerability exists in the Kentico Xperience Staging Service because the WSE3-based authentication mechanism does not properly validate authentication tokens. As a result, a request that presents only a username, with no password at all, is accepted, so authentication is bypassed entirely. The issue affects deployments where the Staging Service is configured with username/password authentication, and it allows an unauthenticated attacker to obtain administrative access to the Staging API.
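To make the bug class concrete, the following is an added Python illustration (not Kentico's code; the advisory does not publish the flawed logic) that contrasts a WS-Security UsernameToken check treating a known username as sufficient with a hardened check that rejects any token lacking a verifiable Password element. The namespaces and digest formula are the OASIS Username Token Profile values; the credential store and SOAP envelope are constructed for the example.

```python
import base64, hashlib, hmac
import xml.etree.ElementTree as ET

# WS-Security 1.0 namespaces and password types (standard values, not taken from the advisory)
WSSE = "{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}"
WSU = "{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}"
PROFILE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0"
PASSWORD_TEXT, PASSWORD_DIGEST = PROFILE + "#PasswordText", PROFILE + "#PasswordDigest"

# Constructed credential store for the example (PasswordDigest verification needs the secret itself)
CREDENTIALS = {"admin": "correct horse battery staple"}

def password_digest(secret: str, nonce_b64: str, created: str) -> str:
    """Username Token Profile digest: Base64(SHA-1(nonce + created + password))."""
    raw = base64.b64decode(nonce_b64) + created.encode() + secret.encode()
    return base64.b64encode(hashlib.sha1(raw).digest()).decode()
def _token(envelope_xml: str):
    root = ET.fromstring(envelope_xml)  # prefer defusedxml in production to block entity attacks
    return root.find(f".//{WSSE}Security/{WSSE}UsernameToken")

def weak_authenticate(envelope_xml: str) -> bool:
    """Flawed pattern: a known username alone is treated as proof of identity."""
    tok = _token(envelope_xml)
    return tok is not None and tok.findtext(f"{WSSE}Username") in CREDENTIALS

def authenticate(envelope_xml: str) -> bool:
    """Hardened pattern: no verifiable Password element means the request is rejected."""
    tok = _token(envelope_xml)
    if tok is None:
        return False
    user, pw_el = tok.findtext(f"{WSSE}Username"), tok.find(f"{WSSE}Password")
    if user not in CREDENTIALS or pw_el is None or not pw_el.text:
        return False
    secret, ptype = CREDENTIALS[user], pw_el.get("Type", PASSWORD_TEXT)
    if ptype == PASSWORD_TEXT:
        return hmac.compare_digest(pw_el.text.encode(), secret.encode())
    if ptype == PASSWORD_DIGEST:  # replay tracking of Nonce/Created is omitted for brevity
        nonce, created = tok.findtext(f"{WSSE}Nonce"), tok.findtext(f"{WSU}Created")
        if not nonce or not created:
            return False
        return hmac.compare_digest(pw_el.text, password_digest(secret, nonce, created))
    return False  # unknown password type: fail closed

def envelope(username: str, extra: str = "") -> str:
    """Constructed SOAP envelope mirroring the WS-Security header layout (not Kentico's schema)."""
    return ('<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Header>'
            f'<wsse:Security xmlns:wsse="{WSSE[1:-1]}" xmlns:wsu="{WSU[1:-1]}"><wsse:UsernameToken>'
            f'<wsse:Username>{username}</wsse:Username>{extra}</wsse:UsernameToken>'
            '</wsse:Security></s:Header><s:Body/></s:Envelope>')
```

Running `weak_authenticate(envelope("admin"))` returns True while `authenticate` on the same password-less token returns False, which is exactly the distinction the advisory describes.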
Impact
Remote, unauthenticated attackers can exploit this vulnerability to gain administrative access to the Kentico Xperience Staging API. With that access they can manipulate CMS content, extract sensitive data, and potentially chain this flaw with other vulnerabilities, such as remote code execution (RCE), to fully compromise affected instances.