CVE-2025-9647
BaseFortify
Publication date: 2025-08-29
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mtons | mblog | to 3.5.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-9647 is a reflected Cross-Site Scripting (XSS) vulnerability in the mtons mblog application up to version 3.5.0. It occurs in the /admin/role/list endpoint, specifically in the 'name' parameter used in a search function. This parameter does not have proper validation or sanitization, and the output does not apply encoding or escaping. As a result, an attacker can inject malicious scripts that are reflected back in the server's response, potentially executing in the victim's browser when they interact with the affected page. [1, 2, 3]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing an attacker to execute malicious scripts in the context of your web application users' browsers. This can lead to actions such as session hijacking, defacement, or redirecting users to malicious sites. The attack can be initiated remotely without authentication but requires user interaction to trigger the malicious script. The integrity of the application is affected, and the exploit is publicly available, making it easier for attackers to exploit. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the /admin/role/list endpoint with a crafted payload in the 'name' parameter to check for reflected Cross-Site Scripting (XSS). For example, you can use curl or a browser to send a request with a script injection payload and observe if the script is reflected unescaped in the response. A sample curl command might be: curl -i 'http://target/admin/role/list?name=<script>alert(1)</script>' and check if the response contains the injected script. Additionally, automated web vulnerability scanners that test for reflected XSS can be used against this endpoint. [1, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the /admin/role/list endpoint to trusted users only, applying web application firewall (WAF) rules to block suspicious input containing script tags or typical XSS payloads, and disabling or limiting the use of the vulnerable search function if possible. Since no known countermeasures or patches are currently available, replacing the affected product with an alternative or updating to a fixed version when available is recommended. [2]