Cyber Resilience

CVE-2023-53934

HighPublic PoC

Published: 18 December 2025

Published
18 December 2025
Modified
24 December 2025
KEV Added
Patch
CVSS Score v4 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0036 27.6th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2023-53934 is a high-severity Improper Neutralization of Server-Side Includes (SSI) Within a Web Page (CWE-97) vulnerability in Kentico Xperience. Its CVSS base score is 8.7 (High).

Operationally, ranked at the 27.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

EU & UK References

Vulnerability details

A denial of service vulnerability in Kentico Xperience allows attackers to launch DoS attacks via specially crafted requests to the GetResource handler. Improper input validation enables remote attackers to potentially disrupt service availability through maliciously constructed requests.

CWE(s)

Related Threats

CVEs Like This One

CVE-2025-2746Same product: Kentico Xperience
CVE-2025-2749Same product: Kentico Xperience
CVE-2025-2747Same product: Kentico Xperience
CVE-2025-21103Shared CWE-97

Affected Assets

kentico
xperience
≤ 12.0.98

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References