English
EN
Français
FR
Language
English
EN
Français
FR

CVE Vulnerabilities

Posts & Pages

No results found for ""

Try different keywords or check spelling

Search in CVE database, posts & pages • Press ESC to close

DNA View

High Severity Vulnerability

This vulnerability has been rated as High severity. Immediate action is recommended.

CVE-2025-32370

High
Low Medium High Critical
7.2
CVSS Score
Published: Apr 06, 2025
Last Modified: Apr 08, 2025

Vulnerability Description

Kentico Xperience before 13.0.178 has a specific set of allowed ContentUploader file extensions for unauthenticated uploads; however, because .zip is processed through TryZipProviderSafe, there is additional functionality to create files with other extensions. NOTE: this is a separate issue not necessarily related to SVG or XSS.

CVSS Metrics

Common Vulnerability Scoring System

Vector String:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L
Attack Vector
N
Attack Complexity
L
Privileges Required
N
User Interaction
N
Scope
C
Confidentiality
N
Integrity
L
Availability
L

Known Affected Software

13 configuration(s) from 1 vendor(s)

xperience
Version:
13.0.172
CPE:
cpe:2.3:a:kentico:xperience:13.0.172:*:*:*:*:*:*:*
xperience
Version:
13.0.171
CPE:
cpe:2.3:a:kentico:xperience:13.0.171:*:*:*:*:*:*:*
xperience
Version:
13.0.175
CPE:
cpe:2.3:a:kentico:xperience:13.0.175:*:*:*:*:*:*:*
xperience
Version:
13.0.176
CPE:
cpe:2.3:a:kentico:xperience:13.0.176:*:*:*:*:*:*:*
xperience
Version:
13.0.169
CPE:
cpe:2.3:a:kentico:xperience:13.0.169:*:*:*:*:*:*:*
xperience
Version:
13.0.168
CPE:
cpe:2.3:a:kentico:xperience:13.0.168:*:*:*:*:*:*:*
xperience
Version:
13.0.170
CPE:
cpe:2.3:a:kentico:xperience:13.0.170:*:*:*:*:*:*:*
xperience
Version:
13.0.177
CPE:
cpe:2.3:a:kentico:xperience:13.0.177:*:*:*:*:*:*:*
xperience
Version:
13.0.166
CPE:
cpe:2.3:a:kentico:xperience:13.0.166:*:*:*:*:*:*:*
xperience
Version:
13.0.165
CPE:
cpe:2.3:a:kentico:xperience:13.0.165:*:*:*:*:*:*:*
xperience
Version:
13.0.173
CPE:
cpe:2.3:a:kentico:xperience:13.0.173:*:*:*:*:*:*:*
xperience
Version:
13.0.174
CPE:
cpe:2.3:a:kentico:xperience:13.0.174:*:*:*:*:*:*:*
xperience
Version:
13.0.167
CPE:
cpe:2.3:a:kentico:xperience:13.0.167:*:*:*:*:*:*:*
This vulnerability affects 13 software configuration(s). Ensure you patch all affected systems.

References & Resources

Severity Details

7.2
out of 10.0
High

Key Information

Published Date
April 06, 2025

External Resources

NIST
NIST NVD
National Vulnerability Database
CD
CVE Details
Detailed vulnerability info
MT
MITRE CVE
Official CVE record