Kentico Xperience <= 12.0.102 URL Hashing Cryptography Vulnerability

Advisories

severity: medium
date: December 18, 2025
Affecting: Xperience <= 12.0.102
CVE: CVE-2021-47712
CWE: CWE-327 Use of a Broken or Risky Cryptographic Algorithm
CVSS: 6.9
CVSS V4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
References: Kentico DevNet Hotfixes
Description: A cryptography vulnerability in Kentico Xperience allows attackers to potentially manipulate URL hash values through existing hashing mechanisms. The hotfix introduces an additional security layer to prevent hash value reuse and potential exploitation.