CVE-2025-9406

Name of the Vulnerable Software and Affected Versions: xuhuisheng lemon versions through 1.13.0

Description: A weakness exists in xuhuisheng lemon up to version 1.13.0. This issue affects the uploadImage function within the CmsArticleController.java file, specifically in the com.mossle.cms.web.CmsArticleController.uploadImage component. Manipulation of the Upload argument results in unrestricted upload capabilities. The attack can be initiated remotely. The exploit has been made publicly available and may be exploited.

Recommendations: Versions prior to 1.13.0 are affected. As a temporary workaround, consider restricting access to the uploadImage function until a patch is available.