CVE-2025-2748 Scanner
CVE-2025-2748 Scanner - Cross-Site Scripting (XSS) vulnerability in Kentico Xperience CMS
Short Info
Level:
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 16 days 22 hours
Scan only one: Domain, Subdomain, IPv4
Toolbox: -
Kentico Xperience CMS is a popular web content management system used by organizations for building websites and online stores. It offers rich features for content management, e-commerce, and online marketing, making it a preferred choice for businesses looking to manage their digital channels. Configured to support enterprise needs, Kentico Xperience CMS is often found in medium to large-sized enterprises worldwide. Its integration capabilities with other software and user-friendly interface cater to a wide range of customers, from marketers to developers. The flexibility and scalability make it suitable for a variety of projects and industries. A robust ecosystem of extensions and integrations further enhances its functionality.
Cross-Site Scripting (XSS) is a vulnerability that allows attackers to inject malicious scripts into web applications. This particular vulnerability in Kentico Xperience CMS arises due to insufficient validation and filtering of files uploaded via the multi-file upload feature. By exploiting this flaw, attackers can execute arbitrary scripts in the context of the user's session. Stored XSS can lead to session hijacking, phishing attacks, and other malicious activities. The injection points during file uploads are inadequately sanitized, leading to potential script execution when the file is accessed. Such vulnerabilities significantly impact user trust and the integrity of the affected application.
The vulnerability allows an attacker to upload malicious files via the MultiFileUploader.ashx endpoint, which lacks proper validation. The uploaded file is then requested through the GetResource.ashx endpoint, where the injected script is executed, which is what makes this a stored XSS. The files uploaded as .zip are accessed and rendered as SVG, with the payload embedded in the SVG. The image parameter in the URL is what causes the malicious SVG file to be rendered. The weak points are the lack of file type and content checks during the upload process. Technical execution involves crafting specially encoded payloads that trigger once the file is processed or accessed.
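For asset owners reviewing their own web server logs, the two-step pattern described above can be searched for directly. The following is an added example, not code from the scanner or from Kentico: it flags POST requests to MultiFileUploader.ashx and GetResource.ashx requests whose image parameter names a .zip file. It assumes a combined-format access log; the log lines, IP addresses and the /PLACEHOLDER/ path prefix are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: combined/common access-log layout (client, timestamp, request, status).
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

# Constructed sample lines; /PLACEHOLDER/ stands in for the site's real handler paths.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Apr/2025:10:00:01 +0000] "POST /PLACEHOLDER/MultiFileUploader.ashx HTTP/1.1" 200 15',
    '198.51.100.20 - - [01/Apr/2025:10:02:10 +0000] "GET /PLACEHOLDER/GetResource.ashx?image=logo.png HTTP/1.1" 200 5120',
    '198.51.100.20 - - [01/Apr/2025:10:05:44 +0000] "GET /PLACEHOLDER/GetResource.ashx?IMAGE=%2Ftmp%2Fsample.ZIP HTTP/1.1" 200 830',
    '198.51.100.21 - - [01/Apr/2025:10:06:00 +0000] "GET /index.html HTTP/1.1" 200 100',
    'not an access log line',
]


def classify(line):
    """Return ('upload' | 'render', client, detail) for a relevant line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None  # unparseable lines are skipped, not treated as hits
    client, method, target, status = m.groups()
    url = urlsplit(target)
    handler = url.path.rsplit("/", 1)[-1].lower()  # match on handler name only
    if handler == "multifileuploader.ashx" and method == "POST":
        # Uploads are worth reviewing; the status shows whether one was accepted.
        return ("upload", client, status)
    if handler == "getresource.ashx":
        # ASP.NET query keys are case-insensitive; parse_qsl URL-decodes the values.
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            if key.lower() == "image" and value.lower().endswith(".zip"):
                return ("render", client, value)
    return None


def scan(lines):
    """Collect every upload/render hit, in log order."""
    return [hit for hit in map(classify, lines) if hit]


if __name__ == "__main__":
    for kind, client, detail in scan(SAMPLE_LOG):
        print(f"{kind:6} {client:15} {detail}")
```

Render hits usually come from other users' browsers rather than from the uploading client, so the two kinds of hit are reported separately instead of being correlated by IP address.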
Exploiting this vulnerability can lead to numerous detrimental effects, such as unauthorized actions being triggered in the user's browser. Users' sessions could be hijacked, allowing attackers to impersonate users and access sensitive information. Phishing attacks could be facilitated by redirecting users to malicious sites controlled by the attacker. The brand reputation of the organization using Kentico Xperience CMS can be at risk if attackers are able to deliver harmful content via the compromised site. Malicious scripts could alter or destroy content, contributing to data integrity issues. Furthermore, the exploitation can be leveraged for broader attacks against the system or its users.
REFERENCES