Vendor
Kentico Xperience contains a path traversal vulnerability (CVE-2025-2749) that could allow an authenticated user's Staging Sync Server to upload arbitrary data to path relative locations, potentially leading to remote code execution or data compromise.