Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-32369

Kentico Xperience before 13.0.181 allows authenticated users to distribute malicious content (for stored XSS) via certain interactions with the media library file upload feature.

Published

2025-04-06T06:15:15.470

Last Modified

2025-04-08T17:27:42.950

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.4 (MEDIUM)

Weaknesses

Type: Secondary
CWE-79
Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	kentico	xperience	< 13.0.181	Yes

References

https://devnet.kentico.com/download/hotfixes Release Notes ([email protected])
https://labs.watchtowr.com/xss-to-rce-by-abusing-custom-file-handlers-kentico-xperience-cms-cve-2025-2748/ Exploit, Third Party Advisory (134c704f-9b21-4f2e-91b3-4a467353bcc0)