CVE-2025-2794

High CVSS: 8.7

An unsafe reflection vulnerability in Kentico Xperience allows an unauthenticated attacker to kill the current process, leading to a Denial-of-Service condition.

This issue affects Xperience: through 13.0.180.

Vendor

Kentico

Product

Xperience

CWE

CWE-470

Yayın Tarihi

2025-03-31 17:15:41

Güncelleme

2025-11-04 23:15:34

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-470 Xperience HIGH Kentico 2025

Referanslar

https://devnet.kentico.com/download/hotfixes https://www.vulncheck.com/advisories/kentico-xperience-unsafe-reflection

Benzer Kayıtlar

High

CVE-2025-5591

Kentico Xperience 13 is vulnerable to a stored cross-site scripting attack via a form component, allowing an attacker to…

Medium

CVE-2024-58321

A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via form v…

Medium

CVE-2024-58322

A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious code into shipping…

Medium

CVE-2024-58323

A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via the Ch…

Medium

CVE-2024-58317

A cookie security configuration vulnerability in Kentico Xperience allows attackers to bypass SSL requirements when sett…

Medium

CVE-2024-58318

A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via the ri…