CVE-2025-13814 | moxi159753 Mogu Blog v2 up to 5.2 /file/uploadPicsByUrl LocalFileServiceImpl.uploadPictureByUrl server-side request forgery

November 30, 2025 Yanac

A vulnerability was found in moxi159753 Mogu Blog v2 up to 5.2. It has been declared as critical. Impacted is the function LocalFileServiceImpl.uploadPictureByUrl of the file /file/uploadPicsByUrl. The manipulation results in server-side request forgery.

This vulnerability is reported as CVE-2025-13814. The attack can be launched remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More