Affected versions listed: 5.0.1, 5.1.1, 5.2.1
CVE-2025-13814 describes a server-side request forgery (SSRF) vulnerability in Mogu Blog v2; versions 5.0.1, 5.1.1 and 5.2.1 are listed as affected. The flaw is in the LocalFileServiceImpl.uploadPictureByUrl function, reached through the /file/uploadPicsByUrl endpoint, which downloads a picture from a caller-supplied URL: an attacker who controls that URL makes the server issue the request from its own network position. A public exploit is available. The vendor did not respond to the disclosure, so no fixed release is confirmed on this page; verify any later release against the project's own change log before treating it as a fix.
The server fetches whatever URL the caller supplies, so the request originates from the blog host rather than from the attacker. That reaches services that are not exposed to the internet: loopback-bound services, RFC 1918 hosts, cloud instance-metadata endpoints such as 169.254.169.254, internal APIs that trust the server's source address and, if the fetcher accepts non-HTTP schemes, local files. Enumerating internal hosts and ports is the usual first step. Whether the fetched content is returned to the attacker (full-read SSRF) or only errors and timing are observable (blind SSRF) is not stated on this page and determines how much an attacker can extract. The blast radius is every system the Mogu Blog server can open a connection to.
The issue was published on 2025-12-01 with a public proof-of-concept; the vendor was contacted but did not respond. Despite the public proof-of-concept, the EPSS score on this page is 0.06% (20th percentile), so the modeled probability of exploitation in the next 30 days is low. Exposure in practice depends chiefly on whether /file/uploadPicsByUrl is reachable by untrusted users, because the attack is a single crafted HTTP request to that endpoint.
Exploit status: public proof-of-concept available
EPSS: 0.06% (20th percentile)
CISA SSVC: not listed
CVSS vector: not listed
No fixed release is confirmed for CVE-2025-13814 (5.2.1 is itself listed as affected), so check the project's change log for a release that makes uploadPictureByUrl validate its destination and upgrade to it when one appears. Until then, the workarounds are the primary mitigation. Block or authenticate requests to /file/uploadPicsByUrl at a Web Application Firewall or reverse proxy; if the upload-by-URL feature is not needed, blocking the endpoint outright is the simplest and most reliable option, since URL-pattern filters at a WAF are easy to bypass with alternative host encodings and redirects. Apply egress filtering on the Mogu Blog host so it can only open connections to the destinations it needs, and explicitly deny loopback, RFC 1918 ranges, link-local addresses and the cloud metadata address. Monitor egress (proxy or firewall) logs, not just web access logs, for connections from the server to internal addresses, the metadata endpoint, or ports other than 80 and 443.
At the application level, disable LocalFileServiceImpl.uploadPictureByUrl or restrict what it will fetch: allow only http and https, reject URLs with embedded credentials, resolve the hostname and refuse any address that is private, loopback, link-local or a cloud metadata address, connect to the address that was validated rather than re-resolving, and disable automatic redirects (or re-validate each hop), because a redirect from a public host to an internal address is the standard bypass of host-only checks.
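The egress-log review above, as an added example that is not from this page or the Mogu Blog project: a Python detection that runs over constructed egress-proxy log lines and flags the outbound pattern an SSRF through this endpoint would produce from the blog host. The log format, the server address 10.20.0.15, the port policy and every sample line are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

BLOG_SERVER = "10.20.0.15"                 # assumed address of the Mogu Blog host
EXPECTED_PORTS = {80, 443}                 # picture fetches should only use these
METADATA_IPS = {"169.254.169.254", "fd00:ec2::254"}  # cloud instance-metadata
SCAN_THRESHOLD = 3                         # distinct internal dst:port pairs

# Constructed egress log, one outbound connection per line:
# <timestamp> <src_ip> <dst_ip> <dst_port> <requested_url>
SAMPLE_LOG = """\
2025-12-02T10:00:01Z 10.20.0.15 93.184.216.34 443 https://cdn.example.com/pic1.png
2025-12-02T10:00:02Z 10.20.0.15 10.20.0.5 3306 http://10.20.0.5:3306/
2025-12-02T10:00:02Z 10.20.0.15 10.20.0.5 6379 http://10.20.0.5:6379/
2025-12-02T10:00:02Z 10.20.0.15 10.20.0.5 8080 http://10.20.0.5:8080/
2025-12-02T10:00:03Z 10.20.0.15 169.254.169.254 80 http://169.254.169.254/latest/meta-data/iam/
2025-12-02T10:00:04Z 10.20.0.15 10.20.0.7 80 http://pics.attacker-controlled.example/a.png
2025-12-02T10:00:05Z 10.20.0.99 10.20.0.5 3306 mysql
"""


def is_internal(addr):
    """True for destinations a picture fetch should never reach."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped                # ::ffff:10.0.0.1 -> 10.0.0.1
    return ip.is_private or ip.is_loopback or ip.is_link_local or str(ip) in METADATA_IPS


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def parse_line(line):
    ts, src, dst, port, url = line.split(maxsplit=4)
    return {"ts": ts, "src": src, "dst": dst, "port": int(port), "url": url}


def classify(event):
    """Reasons this outbound connection looks like an SSRF pivot."""
    reasons = []
    internal = is_internal(event["dst"])
    if internal:
        reasons.append("internal destination")
    if event["port"] not in EXPECTED_PORTS:
        reasons.append("unexpected port")
    if event["dst"] in METADATA_IPS:
        reasons.append("cloud metadata endpoint")
    host = urlsplit(event["url"]).hostname
    # A public-looking name that ended up at an internal address is the
    # signature of a DNS trick (rebinding, attacker-controlled A record).
    if host and not is_ip_literal(host) and internal:
        reasons.append("public hostname resolved to internal address")
    return reasons


def findings(log_text):
    """Flagged connections originating from the blog server, in log order."""
    out = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = parse_line(line)
        if event["src"] != BLOG_SERVER:
            continue
        reasons = classify(event)
        if reasons:
            out.append({**event, "reasons": reasons})
    return out


def scan_like(results):
    """(True, n) when n distinct internal dst:port pairs reach the threshold,
    i.e. the server is being used to enumerate the internal network."""
    pairs = {(f["dst"], f["port"]) for f in results if "internal destination" in f["reasons"]}
    return len(pairs) >= SCAN_THRESHOLD, len(pairs)


if __name__ == "__main__":
    hits = findings(SAMPLE_LOG)
    for hit in hits:
        print(hit["ts"], hit["dst"], hit["port"], ", ".join(hit["reasons"]))
    print("scan-like:", scan_like(hits))
```

The line from 10.20.0.99 is ignored because only traffic sourced from the blog host is in scope; a real deployment would feed the same logic from the proxy or firewall log that actually records the server's outbound connections.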
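The destination checks described above, as an added example that is not Mogu Blog's code: a Python reference implementation of what a fetch-by-URL handler has to verify before it downloads anything (the same logic ports to the project's Java with java.net.URI and InetAddress.getAllByName). The function names, the allowed-port policy and the injectable resolver are assumptions made for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {80, 443}        # assumed policy: plain web ports only


def is_internal(addr):
    """True for any address a public picture URL must never resolve to.
    169.254.169.254 is caught by is_link_local, AWS's fd00:ec2::254 by
    is_private (it is a ULA)."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped          # ::ffff:10.0.0.1 -> 10.0.0.1
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def system_resolver(host):
    """Default resolver: every A/AAAA answer for host. getaddrinfo also
    accepts shorthand such as '127.1' or '0x7f000001' and returns the real
    address, which is why such strings are only judged after resolution."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def check_picture_url(url, resolver=system_resolver):
    """Validate a caller-supplied picture URL before the server fetches it.

    Returns (ok, reason, target). target is (ip, port, hostname): the
    caller must connect to that ip, keeping hostname for the Host header
    and SNI, so that a second DNS lookup cannot swap in an internal address
    (DNS rebinding). Redirects must be disabled or each hop re-checked.
    """
    try:
        parts = urlsplit(url)
        port = parts.port              # raises ValueError on a bad port
    except ValueError:
        return False, "malformed url or port", None
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed", None
    if parts.username is not None or parts.password is not None:
        return False, "userinfo not allowed", None
    host = parts.hostname            # lower-cased, brackets stripped for IPv6
    if not host:
        return False, "missing host", None
    port = port or (443 if parts.scheme == "https" else 80)
    if port not in ALLOWED_PORTS:
        return False, "port not allowed", None
    try:
        addrs = [str(ipaddress.ip_address(host))]   # dotted or IPv6 literal
    except ValueError:
        try:
            addrs = resolver(host)
        except OSError:                 # socket.gaierror is an OSError
            return False, "dns failure", None
    if not addrs:
        return False, "no address", None
    # Refuse if ANY answer is internal: a mixed public/private answer set is
    # a classic trick against checkers that only look at the first record.
    for addr in addrs:
        if is_internal(addr):
            return False, f"resolves to internal address {addr}", None
    return True, "ok", (addrs[0], port, host)


if __name__ == "__main__":
    for candidate in ("https://img.example.com/a.png",
                      "http://127.1/",
                      "http://[::ffff:10.0.0.1]/x",
                      "http://169.254.169.254/latest/meta-data/",
                      "file:///etc/passwd"):
        print(candidate, "->", check_picture_url(candidate))
```

Pair this with a fetch that has redirects disabled, a short timeout and a response-size limit; a checker alone does not stop a public host that answers 302 Location: http://169.254.169.254/, which is why every redirect hop has to go back through check_picture_url.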
CVE-2025-13814 is a server-side request forgery vulnerability in Mogu Blog v2 (versions 5.0.1, 5.1.1 and 5.2.1 are listed as affected) that lets an attacker make the server fetch attacker-chosen URLs, and so reach internal resources, through the uploadPictureByUrl function behind the /file/uploadPicsByUrl endpoint.
You are affected if you run Mogu Blog v2 5.0.1, 5.1.1 or 5.2.1, and in practice if the /file/uploadPicsByUrl endpoint is reachable by untrusted users. No vendor-confirmed fixed version is listed on this page, so apply the workarounds rather than assuming a later release is safe.
Check the project's change log for a release that fixes uploadPictureByUrl and upgrade to it when available. Until then, block or authenticate /file/uploadPicsByUrl at a WAF or reverse proxy, apply egress filtering on the server so it cannot reach internal and cloud metadata addresses, and disable or restrict uploadPictureByUrl in the application if you can.
A public proof-of-concept exploit is available. The page reports no confirmed in-the-wild exploitation, and the EPSS score is 0.06% (20th percentile); the availability of a proof-of-concept means exploitation is cheap, not that it is observed.
The vendor did not respond to the disclosure, so there is no official advisory. Monitor the project's repository and security news sources for updates.