CVE-2025-32370

Kentico Xperience before 13.0.178 has a specific set of allowed ContentUploader file extensions for unauthenticated uploads; however, because .zip is processed through TryZipProviderSafe, there is additional functionality to create files with other extensions. NOTE: this is a separate issue not necessarily related to SVG or XSS.

CVSS v3.0 9.8 CRITICAL

9.8^/10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://devnet.kentico.com/download/hotfixes	Release Notes
https://labs.watchtowr.com/xss-to-rce-by-abusing-custom-file-handlers-kentico-xperience-cms-cve-2025-2748/	Exploit Third Party Advisory
https://labs.watchtowr.com/xss-to-rce-by-abusing-custom-file-handlers-kentico-xperience-cms-cve-2025-2748/	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:kentico:xperience:*:*:*:*:*:*:*:*

History

08 Apr 2025, 18:54

Type	Values Removed	Values Added
CPE		cpe:2.3:a:kentico:xperience::::::::
CWE		CWE-434
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
First Time		Kentico Kentico xperience
References	~~() https://devnet.kentico.com/download/hotfixes -~~	() https://devnet.kentico.com/download/hotfixes - Release Notes
References	~~() https://labs.watchtowr.com/xss-to-rce-by-abusing-custom-file-handlers-kentico-xperience-cms-cve-2025-2748/ -~~	() https://labs.watchtowr.com/xss-to-rce-by-abusing-custom-file-handlers-kentico-xperience-cms-cve-2025-2748/ - Exploit, Third Party Advisory

06 Apr 2025, 07:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-06 07:15

Updated : 2025-04-08 18:54

NVD link : CVE-2025-32370

Mitre link : CVE-2025-32370

JSON object : View

Products Affected

kentico

xperience

CWE

CWE-434

Unrestricted Upload of File with Dangerous Type

9.8 /10