CVE-2025-9004
BaseFortify
Publication date: 2025-08-15
Last updated on: 2026-04-29
Assigner: VulDB
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mtons | mblog | up to 3.5.0 (inclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-307 | The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame. |
| CWE-799 | The product does not properly limit the number or frequency of interactions that it has with an actor, such as the number of incoming requests. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects mtons mblog up to and including version 3.5.0. The application does not properly restrict excessive authentication attempts against the file /settings/password, so a remote attacker can make repeated authentication attempts without being limited, potentially leading to abuse. The attack complexity is high and exploitation is difficult, but the exploit has been publicly disclosed.
How can this vulnerability impact me?
The vulnerability can allow an attacker to perform excessive authentication attempts remotely, which may lead to unauthorized access or account compromise if successful. Although exploitation is difficult, the public availability of the exploit increases risk. This can impact system security by enabling brute force or similar attacks.