The second bypass exploits a logical flaw in Microsoft’s obsolete Web Services Enhancement 3.0 library, where the system fails to validate tokens with the “SendNone” password option. By manipulating SOAP requests to use password digest authentication with a specially crafted username token, attackers can gain administrative access without valid credentials. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. The RCE vulnerability exists because the CheckAndEnsureFilePath method fails to properly validate file paths, allowing attackers to write files outside intended directories. These issues affect Kentico Xperience version 13 installations with the Staging Service enabled and configured to use username/password authentication rather than X.509 certificates. Once authenticated, attackers can exploit the post-authentication RCE vulnerability (WT-2025-0007) by abusing a path traversal flaw in the media file upload functionality. Kaaviya is a Security Editor and fellow reporter with Cyber Security News. Organizations are strongly advised to upgrade to the latest version immediately, especially if using username/password authentication for the Staging Service. She is covering various cyber security incidents happening in the Cyber Space. The first bypass occurs because when an invalid username is provided, the system returns an empty string instead of throwing an exception. The vulnerabilities, identified as WT-2025-0006, WT-2025-0007, and WT-2025-0011, can be chained together to achieve unauthenticated remote code execution on systems with common configurations. Combined with hash-based password verification, this creates an authentication bypass.
This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 17 Mar 2025 16:50:05 +0000