← ExploitWatch
HomeExploited Vulnerabilities

CVE-2025-2749 — Actively Exploited: Kentico Xperience (Kentico)

Kentico Xperience contains a path traversal vulnerability that could allow an authenticated user's Staging Sync Server to upload arbitrary data to path relative locations.

CVE IDCVE-2025-2749
VendorKentico
ProductKentico Xperience
Vulnerability nameKentico Xperience Path Traversal Vulnerability
Date added2026-04-20
Remediation due2026-05-04
Known ransomware useUnknown
Required actionApply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
DescriptionKentico Xperience contains a path traversal vulnerability that could allow an authenticated user's Staging Sync Server to upload arbitrary data to path relative locations.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →