CVE-2025-2794

An unsafe reflection vulnerability in Kentico Xperience allows an unauthenticated attacker to kill the current process, leading to a Denial-of-Service condition. This issue affects Xperience: through 13.0.180.

CVSS

No CVSS.

References

Link	Resource
https://devnet.kentico.com/download/hotfixes	Product
https://www.vulncheck.com/advisories/kentico-xperience-unsafe-reflection

Configurations

Configuration 1 (hide)

cpe:2.3:a:kentico:xperience:*:*:*:*:*:*:*:*

History

04 Nov 2025, 23:15

Type	Values Removed	Values Added
References		() https://www.vulncheck.com/advisories/kentico-xperience-unsafe-reflection -

04 Nov 2025, 18:16

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~7.5~~	v2 : unknown v3 : unknown

22 Sep 2025, 18:45

Type	Values Removed	Values Added
References	~~() https://devnet.kentico.com/download/hotfixes -~~	() https://devnet.kentico.com/download/hotfixes - Product
Summary		(es) Una vulnerabilidad de reflexión insegura en Kentico Xperience permite que un atacante no autenticado finalice el proceso actual, lo que genera una condición de denegación de servicio. Este problema afecta a Xperience hasta la versión 13.0.180.
First Time		Kentico Kentico xperience
CPE		cpe:2.3:a:kentico:xperience::::::::

31 Mar 2025, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-31 17:15

Updated : 2025-11-04 23:15

NVD link : CVE-2025-2794

Mitre link : CVE-2025-2794

CVE.ORG link : CVE-2025-2794

JSON object : View

Products Affected

kentico

xperience

CWE

CWE-470

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

{"id": "CVE-2025-2794", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-03-31T17:15:41.333", "references": [{"url": "https://devnet.kentico.com/download/hotfixes", "tags": ["Product"], "source": "disclosure@vulncheck.com"}, {"url": "https://www.vulncheck.com/advisories/kentico-xperience-unsafe-reflection", "source": "disclosure@vulncheck.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-470"}]}], "descriptions": [{"lang": "en", "value": "An unsafe reflection vulnerability in Kentico Xperience allows an unauthenticated attacker to kill the current process, leading to a Denial-of-Service condition.\n\n\n\n\nThis issue affects Xperience: through 13.0.180."}, {"lang": "es", "value": "Una vulnerabilidad de reflexi\u00f3n insegura en Kentico Xperience permite que un atacante no autenticado finalice el proceso actual, lo que genera una condici\u00f3n de denegaci\u00f3n de servicio. Este problema afecta a Xperience hasta la versi\u00f3n 13.0.180."}], "lastModified": "2025-11-04T23:15:34.820", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:kentico:xperience:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F916E13E-F825-4DCA-9A00-9DA624AAF865", "versionEndIncluding": "13.0.180"}], "operator": "OR"}]}], "sourceIdentifier": "disclosure@vulncheck.com"}