CVE-2025-13814
BaseFortify
Publication date: 2025-12-01
Last updated on: 2026-04-29
Assigner: VulDB
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mogublog_project | mogublog | up to and including 5.2 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-918 | The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-13814 is a server-side request forgery (SSRF) vulnerability in Mogu Blog v2 up to version 5.2, specifically in the LocalFileServiceImpl.uploadPictureByUrl function at the /file/uploadPicsByUrl endpoint. The vulnerability arises because the application accepts URLs from users without proper validation and fetches their content using URLConnection.getInputStream() without restricting protocols or hosts. This allows unauthenticated attackers to make the server request arbitrary URLs, including local files (e.g., /etc/passwd) or internal network services, leading to arbitrary file reading and potential system compromise. [1, 3]
How can this vulnerability impact me?
This vulnerability can allow attackers to read arbitrary local files on the server, access sensitive internal network services, and retrieve confidential information such as configuration files and private keys. Exploiting this flaw can lead to a complete system compromise, affecting confidentiality, integrity, and availability of the affected system. The attack can be performed remotely without authentication, making it highly dangerous. [1, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for requests to the /file/uploadPicsByUrl endpoint that include suspicious URL parameters, especially those containing file:// URIs or URLs targeting internal network services or sensitive metadata endpoints. Network intrusion detection systems (NIDS) can be configured to alert on such patterns. Additionally, reviewing server logs for unusual or unauthenticated access to /file/uploadPicsByUrl with URL parameters is recommended. Specific commands are not provided in the resources. [1, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting or disabling public access to the /file/** endpoints, especially /file/uploadPicsByUrl, by enforcing authentication and authorization controls. Validate and sanitize all URL inputs to prevent SSRF attacks, disallowing file:// and other unsafe protocols. Since no vendor patch or countermeasure is available, consider replacing the affected component with an alternative product. Monitoring and blocking suspicious outbound requests from the server can also help reduce risk. [1, 3]
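To make the "validate and sanitize all URL inputs" step concrete, here is an added example (not Mogu Blog's own code) of a hypothetical SSRF-hardened fetch helper: it accepts only http/https, refuses hosts that resolve to loopback, link-local, private or multicast addresses, and does not follow redirects before handing the stream to the upload logic. The class name `SafeUrlFetcher` and its methods are assumptions for illustration.

```java
import java.io.IOException;
import java.io.InputStream;
import java.net.*;
import java.util.Set;

/** Hypothetical SSRF-hardened replacement for a "fetch picture by URL" helper (not Mogu Blog code). */
public final class SafeUrlFetcher {
    // Only web schemes are acceptable; file:, jar:, ftp: and the like are refused outright.
    private static final Set<String> ALLOWED_SCHEMES = Set.of("http", "https");

    /** True when the URL may be fetched; false for any unsafe or unparseable destination. */
    public static boolean isAllowedTarget(String rawUrl) {
        final URI uri;
        try {
            uri = new URI(rawUrl);
        } catch (URISyntaxException e) {
            return false;
        }
        String scheme = uri.getScheme();
        String host = uri.getHost();
        if (scheme == null || host == null || uri.getUserInfo() != null
                || !ALLOWED_SCHEMES.contains(scheme.toLowerCase())) {
            return false;
        }
        try {
            // Check every address the name resolves to, not only the first one.
            for (InetAddress addr : InetAddress.getAllByName(host)) {
                if (addr.isLoopbackAddress() || addr.isAnyLocalAddress() || addr.isLinkLocalAddress()
                        || addr.isSiteLocalAddress() || addr.isMulticastAddress()) {
                    return false; // 127/8, 0.0.0.0, 169.254/16 (cloud metadata), RFC 1918, ::1 ...
                }
            }
        } catch (IOException e) {
            return false; // unresolvable host: refuse rather than guess
        }
        return true;
    }

    /** Opens the stream only after validation; redirects are not followed. */
    public static InputStream open(String rawUrl) throws IOException {
        if (!isAllowedTarget(rawUrl)) {
            throw new IOException("refused by SSRF policy: " + rawUrl);
        }
        HttpURLConnection conn = (HttpURLConnection) URI.create(rawUrl).toURL().openConnection();
        conn.setInstanceFollowRedirects(false); // a 302 to an internal host would bypass the check above
        conn.setConnectTimeout(5_000);
        conn.setReadTimeout(10_000);
        return conn.getInputStream();
    }
}
```

Two caveats: the name is resolved once at check time and again at connect time, so a DNS-rebinding answer can still slip through, and `isSiteLocalAddress()` does not cover ranges such as 100.64.0.0/10 or fc00::/7. An explicit allowlist of the image hosts the blog is expected to fetch from is the stronger control where that is feasible.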