CVE-2025-9406
BaseFortify
Publication date: 2025-08-25
Last updated on: 2026-04-29
Assigner: VulDB
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mossle | lemon | up to 1.13.0 (inclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-9406 is an unrestricted file upload vulnerability in the xuhuisheng lemon CMS up to version 1.13.0. It occurs in the uploadImage function of the CmsArticleController.java file, where there are no restrictions on the types of files that can be uploaded. The system attempts to rename uploaded files but does not validate or restrict file types, allowing attackers to upload arbitrary and potentially malicious files remotely without authentication. [1, 2, 3]
How can this vulnerability impact me?
This vulnerability can allow attackers to upload malicious files to the affected system, potentially leading to compromise of confidentiality, integrity, and availability. Since the uploaded files are unrestricted, attackers could upload scripts or executables that may be executed on the server, leading to unauthorized access, data breaches, or service disruption. The exploit is easy to perform remotely and a public proof-of-concept is available. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for unauthorized or suspicious file uploads to the uploadImage function in the CmsArticleController component of xuhuisheng lemon CMS. Since the vulnerability allows unrestricted file uploads, detection can involve checking web server logs or application logs for unusual file types or unexpected file upload activity. Commands to detect such activity might include searching logs for upload requests or scanning uploaded files for disallowed types. For example, use grep to find upload requests in logs: `grep 'uploadImage' /var/log/nginx/access.log`, or scan the uploaded-files directory for unexpected extensions: `find /path/to/uploaded/files -type f \! -name '*.jpg' -a \! -name '*.png'` to identify files not matching the expected image types. However, no specific detection commands are provided in the resources. [1, 2, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include implementing a whitelist to restrict allowable file upload types in the uploadImage function to prevent unauthorized or harmful files from being uploaded. Since the current methods do not enforce file type validation, adding strict validation on the server side to only accept safe file types (e.g., specific image formats) is recommended. If patching is not immediately possible, consider disabling the uploadImage functionality or restricting access to it. Additionally, replacing the affected component or product with an alternative solution is suggested due to the lack of existing countermeasures. [1, 2, 3]
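The detection and mitigation answers above both come down to one rule: decide the file type on the server, from an allowlist and the file's own bytes, and never from the client-supplied name. The following is an added illustration in Python, not code from the lemon project or from BaseFortify. It assumes a hypothetical upload route `/cms/article/uploadImage`, a constructed pair of nginx access-log lines, and a 5 MB size cap; the same validator is then reused to audit files already sitting in an upload directory, which is the check the detection answer describes with `find`.

```python
import os
import re
import secrets
import tempfile
from dataclasses import dataclass
from typing import Optional

# Allowlist for the image endpoint: extension -> accepted magic-byte prefixes.
# Anything not listed is rejected, whatever the filename or Content-Type claims.
ALLOWED_TYPES = {
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}
MAX_BYTES = 5 * 1024 * 1024  # assumed size cap, not a value from the advisory


@dataclass
class UploadDecision:
    accepted: bool
    reason: str
    stored_name: Optional[str] = None  # server-chosen name, never the client's


def _basename(client_name: str) -> str:
    # Drop any directory components, whichever separator the client used.
    return re.split(r"[\\/]", client_name)[-1]


def content_problem(client_name: str, head: bytes) -> Optional[str]:
    """Return why a (name, leading bytes) pair is not an allowed image, or None if it is."""
    base = _basename(client_name)
    if "." not in base:
        return "no extension"
    # Only the last extension counts, so "page.jsp.png" is judged as ".png" and then
    # has to carry PNG magic bytes; the extension alone is never trusted.
    ext = base.rsplit(".", 1)[1].lower()
    if ext not in ALLOWED_TYPES:
        return f"extension .{ext} not allowed"
    if not any(head.startswith(magic) for magic in ALLOWED_TYPES[ext]):
        return f"content is not a {ext} image"
    return None


def validate_upload(client_name: str, data: bytes) -> UploadDecision:
    """Server-side gate for uploadImage: size, extension allowlist, magic bytes, safe rename."""
    if not data or len(data) > MAX_BYTES:
        return UploadDecision(False, "bad size")
    problem = content_problem(client_name, data[:16])
    if problem:
        return UploadDecision(False, problem)
    ext = _basename(client_name).rsplit(".", 1)[1].lower()
    ext = "jpg" if ext == "jpeg" else ext
    # Random name generated here: the original filename never reaches the filesystem.
    return UploadDecision(True, "ok", f"{secrets.token_hex(16)}.{ext}")


# Detection, part 1: pull upload requests out of access logs (hypothetical route).
UPLOAD_RE = re.compile(r'"(POST|PUT) (?P<path>\S*uploadImage\S*) HTTP/[\d.]+" (?P<status>\d{3})')

# Constructed sample lines in nginx combined format.
SAMPLE_LOG = [
    '203.0.113.5 - - [25/Aug/2025:10:00:01 +0000] "POST /cms/article/uploadImage HTTP/1.1" 200 512 "-" "curl/8.0"',
    '198.51.100.7 - - [25/Aug/2025:10:00:02 +0000] "GET /cms/article/list HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
]


def find_upload_requests(log_lines) -> list[tuple[str, str, str]]:
    """Return (client_ip, path, status) for every request that hit the upload route."""
    hits = []
    for line in log_lines:
        m = UPLOAD_RE.search(line)
        if m:
            hits.append((line.split()[0], m.group("path"), m.group("status")))
    return hits


# Detection, part 2: re-run the validator over files already on disk.
def audit_upload_dir(directory: str) -> list[tuple[str, str]]:
    """Return (filename, reason) for every stored file that would be rejected today."""
    findings = []
    for root, _, files in os.walk(directory):
        for name in files:
            with open(os.path.join(root, name), "rb") as fh:
                head = fh.read(16)
            problem = content_problem(name, head)
            if problem:
                findings.append((name, problem))
    return findings


def demo_audit() -> list[tuple[str, str]]:
    """Build a throwaway upload directory from constructed files and audit it."""
    with tempfile.TemporaryDirectory() as d:
        samples = {
            "ok.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 8,   # genuine-looking PNG header
            "page.jsp": b"<%@ page %>",                       # disallowed extension
            "fake.jpg": b"<%@ page %>",                       # image extension, non-image bytes
        }
        for name, body in samples.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(body)
        return sorted(audit_upload_dir(d))


if __name__ == "__main__":
    print(validate_upload("photo.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 10))
    print(validate_upload("page.jsp.png", b"<%@ page %>"))
    print(find_upload_requests(SAMPLE_LOG))
    print(demo_audit())
```

The audit only reads the first 16 bytes of each file, which is enough for the listed magic numbers and keeps the scan cheap on a large upload tree; the same `content_problem` function is what the upload path runs, so the audit reports exactly the files the hardened endpoint would have refused.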