CNNVD-202512-3394 Information
Dec 18, 2025
cve
CNNVD ID
CNNVD-202512-3394
Related CVE
- CNNVD Published: 2025-12-18
Description (Chinese)
Kentico Xperience是Kentico公司的一个数字体验平台。 Kentico Xperience存在注入漏洞,该漏洞源于路由引擎中的编码不当可能导致CRLF注入,进而引发标头注入攻击。
Description (English)
Kentico Xperience is a digital experience platform for Kentico. Kentico Xperience has an injection loophole, which stems from the fact that inappropriate coding in the route engine may result in an CRLF injection, which in turn triggers a pedal injection attack.
Hazard Level
High
Vulnerability Type
注入
Affected Vendor
Kentico
Published
2025-12-18
Last Modified
2026-02-24
References
https://devnet.kentico.com/download/hotfixes https://www.vulncheck.com/advisories/kentico-xperience-routing-engine-crlf-injection
Patch
https://devnet.kentico.com/download/hotfixes
Share on: