CVE-2025-2749 is a moderate-severity path traversal flaw in the Staging Sync Server component of Kentico Xperience that lets authenticated users upload arbitrary data to unintended directory locations. Exploitation requires valid credentials and is confined to the Staging Sync Server module, which limits exposure. CISA has added this CVE to its Known Exploited Vulnerabilities catalog, indicating active exploitation in the wild. Patching is recommended for all affected Kentico Xperience instances, particularly those whose Staging Sync Server is externally accessible.