CVE-2025-9406
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-25

Last updated on: 2026-04-29

Assigner: VulDB

Description
A weakness has been identified in xuhuisheng lemon up to 1.13.0. This affects the function uploadImage of the file CmsArticleController.java of the component com.mossle.cms.web.CmsArticleController.uploadImage. This manipulation of the argument Upload causes unrestricted upload. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-25
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2025-08-25
EPSS Evaluated
2026-06-14
NVD
CVE-2025-9406
EUVD
EUVD-2025-25656
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
mossle lemon to 1.13.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-434 The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-9406 is an unrestricted file upload vulnerability in the xuhuisheng lemon CMS up to version 1.13.0. It occurs in the uploadImage function of the CmsArticleController.java file, where there are no restrictions on the types of files that can be uploaded. The system attempts to rename uploaded files but does not validate or restrict file types, allowing attackers to upload arbitrary and potentially malicious files remotely without authentication. [1, 2, 3]

Impact Analysis

This vulnerability can allow attackers to upload malicious files to the affected system, potentially leading to compromise of confidentiality, integrity, and availability. Since the uploaded files are unrestricted, attackers could upload scripts or executables that may be executed on the server, leading to unauthorized access, data breaches, or service disruption. The exploit is easy to perform remotely and a public proof-of-concept is available. [1, 2, 3]

Detection Guidance

This vulnerability can be detected by monitoring for unauthorized or suspicious file uploads to the uploadImage function in the CmsArticleController component of xuhuisheng lemon CMS. Since the vulnerability allows unrestricted file uploads, detection can involve checking web server logs or application logs for unusual file types or unexpected file upload activity. Commands to detect such activity might include searching logs for upload requests or scanning uploaded files for disallowed types. For example, using grep to find upload requests in logs: `grep 'uploadImage' /var/log/nginx/access.log` or scanning uploaded files directory for suspicious extensions: `find /path/to/uploaded/files -type f \! -name '*.jpg' -a \! -name '*.png'` to identify files not matching expected image types. However, no specific detection commands are provided in the resources. [1, 2, 3]

Mitigation Strategies

Immediate mitigation steps include implementing a whitelist to restrict allowable file upload types in the uploadImage function to prevent unauthorized or harmful files from being uploaded. Since the current methods do not enforce file type validation, adding strict validation on the server side to only accept safe file types (e.g., specific image formats) is recommended. If patching is not immediately possible, consider disabling the uploadImage functionality or restricting access to it. Additionally, replacing the affected component or product with an alternative solution is suggested due to the lack of existing countermeasures. [1, 2, 3]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-9406. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart