CVE-2019-25230

An information disclosure vulnerability in Kentico Xperience allows authenticated users to view sensitive system objects through the live site widget properties dialog. Attackers can exploit this vulnerability to access unauthorized system information without proper access controls.

medium 4.3 CVSS 3.1

Published: Dec 18, 2025

Modified: Dec 24, 2025

Vendor: Kentico

Description

An information disclosure vulnerability in Kentico Xperience allows authenticated users to view sensitive system objects through the live site widget properties dialog. Attackers can exploit this vulnerability to access unauthorized system information without proper access controls.

References

https://devnet.kentico.com/download/hotfixes
https://www.vulncheck.com/advisories/kentico-xperience-user-widget-information-disclosure

Related CVEs

CVSS Breakdown

Version	3.1
Score	4.3 / 10
Severity	medium

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Weakness (CWE)

CWE-497

Affected Product

Vendor	Kentico
Product	Xperience