CVE-2025-13816 | moxi159753 Mogu Blog v2 up to 5.2 ZIP File /networkDisk/unzipFile FileOperation.unzip fileUrl path traversal

November 30, 2025 Yanac

A vulnerability categorized as critical has been discovered in moxi159753 Mogu Blog v2 up to 5.2. The impacted element is the function FileOperation.unzip of the file /networkDisk/unzipFile of the component ZIP File Handler. Such manipulation of the argument fileUrl leads to path traversal.

This vulnerability is traded as CVE-2025-13816. The attack may be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More