PatchSiren

Kentico CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

Known exploited Kentico CVE published 2026-04-20

CVE-2025-2749

CVE-2025-2749 is a Kentico Xperience path traversal vulnerability that CISA added to the Known Exploited Vulnerabilities catalog on 2026-04-20. The KEV listing indicates this issue is important to remediate promptly, with a due date of 2026-05-04. The supplied source material does not provide a CVSS score or technical exploit details, so the safest response is to follow Kentico’s mitigation guidance and a [truncated]

Known exploited Kentico CVE published 2025-10-20

CVE-2025-2747

CVE-2025-2747 is a Kentico Xperience CMS authentication bypass vulnerability that CISA added to the Known Exploited Vulnerabilities catalog on 2025-10-20. Because it is in KEV, defenders should treat it as an active-risk issue and prioritize remediation using vendor guidance. The supplied corpus does not include a CVSS score or vendor advisory text, so the safest response is to verify exposure, apply any [truncated]

Known exploited Kentico CVE published 2025-10-20

CVE-2025-2746

CVE-2025-2746 is a Kentico Xperience CMS vulnerability named by CISA as an authentication bypass using an alternate path or channel. CISA added it to the Known Exploited Vulnerabilities catalog on 2025-10-20, which means it is treated as a known-exploited issue and should be prioritized for patching or mitigation. The KEV entry cites vendor hotfix guidance and a remediation due date of 2025-11-10.

Known exploited Kentico CVE published 2022-03-25

CVE-2019-10068

CVE-2019-10068 is a Kentico Xperience deserialization of untrusted data issue that CISA added to the Known Exploited Vulnerabilities catalog on 2022-03-25. Because it is KEV-listed, defenders should treat it as an active risk and prioritize Kentico's update guidance immediately, using the supplied due date of 2022-04-15 as the urgency benchmark.