Security advisory 2025-03-24

Copy to clipboard

Account lockout causes temporary lockout of valid users

CVSS: 6.9
Affected versions: 29.7.0 - 30.2.2
Category: Denial of service

Summary

An issue with the account lockout feature could affect access for administration users under certain conditions. As a result, valid users could experience issues with unexpected sign-out and become temporarily locked out of the system on projects with the account lockout feature enabled.

How to fix

Update to the latest version. See Update Xperience by Kentico projects for detailed instructions.