CVE-2025-2749 is a Kentico Xperience path traversal vulnerability that CISA added to the Known Exploited Vulnerabilities catalog on 2026-04-20. The KEV listing indicates this issue is important to remediate promptly, with a due date of 2026-05-04. The supplied source material does not provide a CVSS score or technical exploit details, so the safest response is to follow Kentico’s mitigation guidance and a [truncated]
CVE-2025-2747 is a Kentico Xperience CMS authentication bypass vulnerability that CISA added to the Known Exploited Vulnerabilities catalog on 2025-10-20. Because it is in KEV, defenders should treat it as an active-risk issue and prioritize remediation using vendor guidance. The supplied corpus does not include a CVSS score or vendor advisory text, so the safest response is to verify exposure, apply any [truncated]
CVE-2025-2746 is a Kentico Xperience CMS vulnerability named by CISA as an authentication bypass using an alternate path or channel. CISA added it to the Known Exploited Vulnerabilities catalog on 2025-10-20, which means it is treated as a known-exploited issue and should be prioritized for patching or mitigation. The KEV entry cites vendor hotfix guidance and a remediation due date of 2025-11-10.
