CVE-2025-13813

CVSS v3.1

8.1

High

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions moxi159753 Mogu Blog versions up to 5.2

Description A flaw exists in the Storage Management Endpoint component of moxi159753 Mogu Blog. The issue involves unauthorized processing of the /storage/ file, leading to a missing authorization check. This allows for remote exploitation, with a high complexity and difficult exploitability. The exploit is publicly available. The vendor was notified but did not respond.

Recommendations Versions prior to 5.2 should be updated.

Exploit

Fix

Incorrect Authorization

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863CWE-862

Related Identifiers

CVE-2025-13813

Affected Products

Mogu Blog

CVE-2025-13813

Weakness Enumeration

Related Identifiers

Affected Products

References · 11