Platform: other
Component: exps
Fixed in: 5.0.1, 5.1.1, 5.2.1
CVE-2025-13814 describes a server-side request forgery (SSRF) vulnerability discovered in Mogu Blog v2, affecting versions 5.0 through 5.2. This flaw allows attackers to potentially access internal resources by manipulating the uploadPictureByUrl function within the /file/uploadPicsByUrl endpoint. A public exploit is available, indicating an elevated risk of exploitation. The vulnerability is addressed in version 5.2.1.
The SSRF vulnerability in Mogu Blog allows an attacker to craft malicious requests that the server will execute on its behalf. This can lead to unauthorized access to internal services and resources that are not directly exposed to the internet. For example, an attacker could potentially scan internal ports, access sensitive configuration files, or even interact with internal APIs. Given the public availability of an exploit, the potential for widespread exploitation is significant. The blast radius extends to any internal systems accessible from the Mogu Blog server.
This vulnerability has been publicly disclosed and a proof-of-concept exploit is available, indicating a high probability of exploitation. It was published on 2025-12-01. The vendor was contacted but did not respond. The EPSS score is likely to be medium or high due to the public exploit and lack of vendor response.
Organizations running Mogu Blog v2, particularly those with sensitive internal resources accessible from the server, are at risk. Shared hosting environments where multiple users share the same Mogu Blog instance are also particularly vulnerable, as an attacker could potentially exploit the vulnerability through another user's account.
• linux / server: Monitor access logs for requests to /file/uploadPicsByUrl containing unusual or internal IP addresses. Use journalctl -u mogu-blog to look for errors related to file uploads or URL processing.
  grep '/file/uploadPicsByUrl' /var/log/nginx/access.log | grep -E '127\.0\.0\.1|192\.168\.1\.'
• generic web: Use curl to test the /file/uploadPicsByUrl endpoint with various URLs, including internal IP addresses, to observe server responses.
  curl -v 'http://your-mogu-blog-server/file/uploadPicsByUrl?url=http://127.0.0.1:8080'
disclosure
poc
Exploit status
EPSS: 0.06% (20th percentile)
The primary mitigation for CVE-2025-13814 is to upgrade Mogu Blog to version 5.2.1 or later, which contains the fix. If upgrading immediately is not possible, consider implementing a Web Application Firewall (WAF) with rules to block requests to the /file/uploadPicsByUrl endpoint or to filter out potentially malicious URLs. Additionally, restrict network access to the Mogu Blog server to only necessary ports and services. Monitor access logs for unusual outbound requests originating from the server.
Update Mogu Blog to a patched version that fixes the Server-Side Request Forgery (SSRF) vulnerability. If no patched version is available, consider disabling the LocalFileServiceImpl.uploadPictureByUrl function or implementing validation and restrictions on user-supplied URLs to mitigate the risk.
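The access-log review described in the detection notes above, as an added example that is not Mogu Blog code or part of the original advisory: it URL-decodes the fetch target and checks it against loopback, link-local and private ranges rather than two literal patterns. The nginx "combined" log format, the "url" query parameter (taken from the curl check on this page) and all function names are assumptions.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

ENDPOINT = "/file/uploadPicsByUrl"
# Assumption: nginx "combined" log format, with the target passed in the "url"
# query parameter as in the curl check on this page (POST bodies are not logged).
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ ([^?\s]+)\??(\S*) HTTP/[\d.]+"')

def classify_target(target):
    """Return why a fetch target looks internal, or None if it does not."""
    try:
        host = urlsplit(target).hostname or ""
    except ValueError:
        return "unparseable URL"
    if host == "localhost" or host.endswith(".localhost"):
        return "localhost name"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return None  # ordinary hostname; resolving it is out of scope for a log review
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local"
    return "private range" if ip.is_private else None

def find_suspicious(lines):
    """Yield (client, target, reason) for endpoint requests aimed at internal hosts."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m.group(2) != ENDPOINT:
            continue
        for target in parse_qs(m.group(3)).get("url", []):  # parse_qs percent-decodes
            reason = classify_target(target)
            if reason:
                yield m.group(1), target, reason

# Constructed sample log lines (not from a real server).
SAMPLE_LOG = [
    '203.0.113.7 - - [02/Dec/2025:10:00:01 +0000] "GET /file/uploadPicsByUrl?url=http%3A%2F%2F127.0.0.1%3A8080%2F HTTP/1.1" 200 51 "-" "-"',
    '203.0.113.9 - - [02/Dec/2025:10:00:05 +0000] "GET /file/uploadPicsByUrl?url=http://192.168.1.20/logo.png HTTP/1.1" 200 48 "-" "-"',
    '203.0.113.9 - - [02/Dec/2025:10:00:09 +0000] "GET /file/uploadPicsByUrl?url=https%3A%2F%2Fimages.example.com%2Fa.png HTTP/1.1" 200 90 "-" "-"',
    '203.0.113.9 - - [02/Dec/2025:10:00:12 +0000] "GET /search?url=http%3A%2F%2F127.0.0.1%2F HTTP/1.1" 200 12 "-" "-"',
]

if __name__ == "__main__":
    print(*find_suspicious(SAMPLE_LOG), sep="\n")
```

A hostname that resolves to an internal address is not flagged here, since the log alone does not show what the server resolved it to.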
CVE-2025-13814 is a server-side request forgery vulnerability in Mogu Blog v2 (versions 5.0-5.2) that allows attackers to potentially access internal resources via the /file/uploadPicsByUrl endpoint.
You are affected if you are running Mogu Blog v2 versions 5.0, 5.1, or 5.2. Upgrade to version 5.2.1 or later to mitigate the risk.
Upgrade Mogu Blog to version 5.2.1 or later. As a temporary workaround, implement a WAF to block malicious requests to /file/uploadPicsByUrl.
Yes, a public exploit is available, indicating a high probability of active exploitation.
Due to lack of vendor response, an official advisory is currently unavailable. Monitor security news sources for updates.