CNNVD-202512-3403 Information

CNNVD ID

CNNVD-202512-3403

Related CVE

CVE-2019-25229

• CNNVD Published: 2025-12-18

Description (Chinese)

Kentico Xperience是Kentico公司的一个数字体验平台。 Kentico Xperience存在代码问题漏洞，该漏洞源于MVC表单文件上传组件允许上传任意文件类型，可能导致未经授权的文件上传。

Description (English)

Kentico Xperience is a digital experience platform for Kentico. Kentico Xperience has a code loophole, which stems from the fact that the MVC file upload component allows the uploading of any type of document, which may lead to the uploading of unauthorized documents.

Hazard Level

Medium

Vulnerability Type

代码问题

Affected Vendor

Kentico

Published

2025-12-18

Last Modified

2026-02-24

References

https://devnet.kentico.com/download/hotfixes https://www.vulncheck.com/advisories/kentico-xperience-mvc-forms-unrestricted-file-upload

Patch

https://devnet.kentico.com/download/hotfixes