🔥 This vulnerability is being actively exploited in the wild (CISA Known Exploited Vulnerabilities catalog)
CVE-2025-2749: Kentico Xperience Path Traversal Vulnerability
Summary
Kentico Xperience has a path traversal vulnerability (a flaw that lets an attacker reach files outside their intended directory) in its Staging Sync Server (the component that synchronizes content between environments): an authenticated user can abuse it to upload files to unintended locations. This vulnerability is actively being exploited by attackers.
Solution / Mitigation
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Check https://devnet.kentico.com/download/hotfixes for vendor hotfixes.
Vulnerability Details
EPSS: 1.2%
Yes
🔥 Actively Exploited
April 19, 2026
Classification
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-2749
First tracked: April 20, 2026 at 08:00 PM
Classified by LLM (prompt v3) · confidence: 95%