Platform: other
Component: exps
Fixed in: 5.0.1, 5.1.1, 5.2.1
CVE-2025-13814 describes a server-side request forgery (SSRF) vulnerability discovered in Mogu Blog v2, affecting versions 5.0 through 5.2. This flaw allows attackers to potentially access internal resources by manipulating the uploadPictureByUrl function within the /file/uploadPicsByUrl endpoint. A public exploit is available, indicating an elevated risk of exploitation. The vulnerability is addressed in version 5.2.1.
The SSRF vulnerability in Mogu Blog allows an attacker to craft malicious requests that the server will execute on its behalf. This can lead to unauthorized access to internal services and resources that are not directly exposed to the internet. For example, an attacker could potentially scan internal ports, access sensitive configuration files, or even interact with internal APIs. Given the public availability of an exploit, the potential for widespread exploitation is significant. The blast radius extends to any internal systems accessible from the Mogu Blog server.
This vulnerability has been publicly disclosed and a proof-of-concept exploit is available, indicating a high probability of exploitation. It was published on 2025-12-01. The vendor was contacted but did not respond. The EPSS score is likely to be medium or high due to the public exploit and lack of vendor response.
Organizations running Mogu Blog v2, particularly those with sensitive internal resources accessible from the server, are at risk. Shared hosting environments where multiple users share the same Mogu Blog instance are also particularly vulnerable, as an attacker could potentially exploit the vulnerability through another user's account.
• linux / server: Monitor access logs for requests to /file/uploadPicsByUrl containing unusual or internal IP addresses. Use journalctl -u mogu-blog to look for errors related to file uploads or URL processing.
grep '/file/uploadPicsByUrl' /var/log/nginx/access.log | grep -E 'url=[^ ]*(127\.0\.0\.1|10\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.|169\.254\.)'
• generic web: Use curl to test the /file/uploadPicsByUrl endpoint with various URLs, including internal IP addresses, to observe server responses.
curl -v 'http://your-mogu-blog-server/file/uploadPicsByUrl?url=http://127.0.0.1:8080'
disclosure
poc
Exploit status
EPSS: 0.06% (20th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-13814 is to upgrade Mogu Blog to version 5.2.1 or later, which contains the fix. If upgrading immediately is not possible, consider implementing a Web Application Firewall (WAF) with rules to block requests to the /file/uploadPicsByUrl endpoint or to filter out potentially malicious URLs. Additionally, restrict network access to the Mogu Blog server to only necessary ports and services. Monitor access logs for unusual outbound requests originating from the server.
Update Mogu Blog to a patched version that fixes the server-side request forgery (SSRF) vulnerability. If no patched version is available, disable the LocalFileServiceImpl.uploadPictureByUrl function, or implement validation and restrictions for user-supplied URLs to reduce the risk.
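The detection commands above (grep over the access log for internal addresses) and the mitigation here (validate and restrict user-supplied URLs) both come down to one decision: does the URL's target resolve to a non-public address? The following Python is an added example, not Mogu Blog's own code, that makes that decision once and uses it in both places. validate_fetch_url is the server-side check a hardened uploadPictureByUrl-style handler would run before fetching anything, and scan_access_log applies the same check to combined-format access-log lines. Only the endpoint path comes from the advisory; the function names, the port policy, the getaddrinfo-shaped resolver hook and the sample log lines are assumptions or constructed data.

```python
# Added example: server-side URL validation for a "fetch image by URL" feature,
# plus an offline access-log scanner for requests whose url= target is non-public.
import ipaddress
import re
import socket
from urllib.parse import parse_qs, urlparse

ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {None, 80, 443}          # policy choice: default web ports only
UPLOAD_PATH = "/file/uploadPicsByUrl"    # endpoint named in the advisory

def _to_ip(text):
    """Parse an address literal (IPv6 zone id dropped); None if it is a name."""
    try:
        return ipaddress.ip_address(text.split("%", 1)[0])
    except ValueError:
        return None

def resolve_all(host, resolver=socket.getaddrinfo):
    """Distinct addresses 'host' maps to. 'resolver' has getaddrinfo's shape so a
    fake table can be injected in tests; literals never trigger a lookup."""
    literal = _to_ip(host)
    if literal is not None:
        return [literal]
    try:
        infos = resolver(host, None)
    except OSError:                          # socket.gaierror is an OSError
        return []
    ips = [_to_ip(info[4][0]) for info in infos]
    return list(dict.fromkeys(ip for ip in ips if ip is not None))

def is_public_ip(ip):
    """True only for globally routable unicast: loopback, RFC 1918, link-local
    (169.254.0.0/16 holds cloud metadata services), multicast, reserved and the
    IPv4-mapped IPv6 forms of any of these are all rejected."""
    mapped = getattr(ip, "ipv4_mapped", None)   # ::ffff:a.b.c.d -> a.b.c.d
    if mapped is not None:
        ip = mapped
    return ip.is_global and not ip.is_multicast

def validate_fetch_url(url, resolver=socket.getaddrinfo):
    """(True, 'ok') if the server may fetch 'url', else (False, reason).
    A single non-public answer among the resolved addresses rejects the URL."""
    try:
        parts = urlparse(url)
        port = parts.port                    # ValueError on a malformed port
    except ValueError:
        return False, "unparseable url"
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, f"scheme not allowed: {parts.scheme!r}"
    if not parts.hostname:
        return False, "missing host"
    if parts.username is not None or parts.password is not None:
        return False, "userinfo in url"
    ips = resolve_all(parts.hostname, resolver)
    if not ips:
        return False, "host does not resolve"
    bad = [str(ip) for ip in ips if not is_public_ip(ip)]
    if bad:
        return False, "non-public address: " + ", ".join(bad)
    if port not in ALLOWED_PORTS:
        return False, f"port not allowed: {port}"
    return True, "ok"

# Combined log format (nginx/Apache); only the fields the scanner needs are named.
LOG_RE = re.compile(r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
                    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

def scan_access_log(lines, resolver=None):
    """Return (client, time, fetch_url, reason) for requests to UPLOAD_PATH whose
    url= parameter fails validation. With resolver=None only IP-literal targets
    are judged (no DNS leaves the analyst's box); pass socket.getaddrinfo to resolve names."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        target = urlparse(m.group("target"))
        if target.path != UPLOAD_PATH:
            continue
        for fetch_url in parse_qs(target.query).get("url", []):
            try:
                host = urlparse(fetch_url).hostname
            except ValueError:
                host = None
            if resolver is None and (host is None or _to_ip(host) is None):
                continue                     # a hostname: not judged offline
            ok, reason = validate_fetch_url(fetch_url, resolver or socket.getaddrinfo)
            if not ok:
                findings.append((m.group("client"), m.group("time"), fetch_url, reason))
    return findings

# Constructed sample lines, not real traffic: two probes at loopback and the
# link-local range, one ordinary image fetch, one unrelated request.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Dec/2025:10:00:01 +0000] "GET /file/uploadPicsByUrl?url=http%3A%2F%2F127.0.0.1%3A8080%2F HTTP/1.1" 200 512 "-" "curl/8.0"',
    '203.0.113.5 - - [01/Dec/2025:10:00:02 +0000] "GET /file/uploadPicsByUrl?url=http%3A%2F%2F169.254.169.254%2F HTTP/1.1" 200 733 "-" "curl/8.0"',
    '198.51.100.7 - - [01/Dec/2025:10:05:00 +0000] "GET /file/uploadPicsByUrl?url=https%3A%2F%2Fexample.com%2Fa.png HTTP/1.1" 200 9011 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Dec/2025:10:05:01 +0000] "GET /index.html HTTP/1.1" 200 1200 "-" "Mozilla/5.0"',
]
```

Two caveats for anyone wiring this into a real handler: resolving first and connecting later leaves a DNS rebinding window, so the fetch should connect to the address that was validated (or re-check the address the client actually connected to), and it must not follow redirects without re-validating the new location. Compared with the grep above, the scanner also catches IPv6 literals, IPv4-mapped forms and percent-encoded parameters, but the default mode deliberately leaves hostnames unjudged rather than generating DNS traffic from the analysis host.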
CVE-2025-13814 is a server-side request forgery vulnerability in Mogu Blog v2 (versions 5.0-5.2) that allows attackers to potentially access internal resources via the /file/uploadPicsByUrl endpoint.
You are affected if you are running Mogu Blog v2 versions 5.0, 5.1, or 5.2. Upgrade to version 5.2.1 or later to mitigate the risk.
Upgrade Mogu Blog to version 5.2.1 or later. As a temporary workaround, implement a WAF to block malicious requests to /file/uploadPicsByUrl.
Yes, a public exploit is available, indicating a high probability of active exploitation.
Due to lack of vendor response, an official advisory is currently unavailable. Monitor security news sources for updates.