Kentico Xperience vulnerabilities: known CVEs & security history

Kentico · Actively exploited · 50 tracked CVEs · 4 actively exploited · updated June 2026 · what is a CVE? →

This is the full list of known vulnerabilities (CVEs) across all Kentico Xperience release lines — 50 in total, with 4 actively exploited in the wild. A CVE here doesn't mean your version is affected — check Kentico Xperience's current status and the safe version to run.

known CVEs

actively exploited (KEV)

critical severity

ransomware-linked

Known Kentico Xperience CVEs

Actively-exploited and most-severe first. Open any CVE for full details.

CVE	Severity	CVSS	EPSS	Year
CVE-2025-2747⚡ exploited	critical	9.8	91%	2025
CVE-2025-2746⚡ exploited	critical	9.8	58%	2025
CVE-2019-10068⚡ exploited	critical	9.8	96%	2019
CVE-2025-2749⚡ exploited	high	7.2	4%	2025
CVE-2017-17736	critical	9.8	69%	2018
CVE-2019-12102	critical	9.1	2%	2019
CVE-2021-47711	high	8.8	0%	2025
CVE-2019-25229	high	8.8	0%	2025
CVE-2018-19453	high	8.8	1%	2019
CVE-2018-5282	high	7.8	2%	2018
CVE-2023-53934	high	7.5	0%	2025
CVE-2022-50686	high	7.5	0%	2025
CVE-2021-47712	high	7.5	0%	2025
CVE-2022-32387	high	7.5	1%	2022
CVE-2020-36890	high	7.2	0%	2025
CVE-2025-32370	high	7.2	1%	2025
CVE-2019-6242	high	7.2	1%	2019
CVE-2018-6843	high	7.2	1%	2018
CVE-2018-7046	high	7.2	6%	2018
CVE-2021-43991	medium	6.8	1%	2021
CVE-2022-50682	medium	6.5	0%	2025
CVE-2025-32369	medium	6.4	0%	2025
CVE-2024-58319	medium	6.1	0%	2025
CVE-2024-58318	medium	6.1	0%	2025
CVE-2022-50684	medium	6.1	0%	2025
CVE-2022-50681	medium	6.1	0%	2025
CVE-2025-2748	medium	6.1	52%	2025
CVE-2021-46163	medium	6.1	1%	2022
CVE-2020-24794	medium	6.1	1%	2020
CVE-2025-5591	medium	5.4	0%	2026
CVE-2024-58323	medium	5.4	0%	2025
CVE-2024-58322	medium	5.4	0%	2025
CVE-2024-58321	medium	5.4	0%	2025
CVE-2023-53738	medium	5.4	0%	2025
CVE-2023-53736	medium	5.4	0%	2025
CVE-2022-50685	medium	5.4	0%	2025
CVE-2022-50683	medium	5.4	0%	2025
CVE-2020-36891	medium	5.4	0%	2025
CVE-2020-36889	medium	5.4	0%	2025
CVE-2019-19493	medium	5.4	2%	2019
CVE-2018-6842	medium	5.4	1%	2018
CVE-2024-58320	medium	5.3	0%	2025
CVE-2024-58317	medium	5.3	0%	2025
CVE-2019-25228	medium	5.3	0%	2025
CVE-2022-29287	medium	4.9	1%	2022
CVE-2023-53737	medium	4.8	0%	2025
CVE-2022-50680	medium	4.8	0%	2025
CVE-2018-7205	medium	4.8	1%	2018
CVE-2019-25230	medium	4.3	0%	2025
CVE-2025-2794	unknown	—	0%	2025

Is my Kentico Xperience version affected?

The list above spans every release. To know whether your version is affected — and the minimum safe version to upgrade to — check it directly.

Check your Kentico Xperience version → · Monitor Kentico Xperience for new CVEs →

Kentico Xperience vulnerabilities — frequently asked

How many known vulnerabilities does Kentico Xperience have?

IsItPatched tracks 50 CVEs for Kentico Xperience, 4 of which are actively exploited (CISA KEV). 5 are critical-severity and 14 high-severity. These span every release line — what matters is whether the version you run is affected.

Does Kentico Xperience have any actively-exploited vulnerabilities?

Yes — 4 Kentico Xperience CVEs are in CISA's Known Exploited Vulnerabilities catalog, meaning they are confirmed exploited in the wild. Patch these as a priority.

What is the most severe Kentico Xperience vulnerability?

Among tracked issues, CVE-2025-2747 (CRITICAL, CVSS 9.8), which is actively exploited, ranks highest — a CWE-288 weakness.

Is Kentico Xperience safe to use?

It depends on the version. The latest supported Kentico Xperience release clears the known issues; older versions may still be affected. Check the exact version you run for a verdict.

CVE data aggregated from NVD, CISA KEV and EPSS (FIRST.org). Related: Kentico Xperience security status · Kentico Xperience end-of-life · actively-exploited CVEs. Always verify against Kentico's advisories — see our disclaimer.