CVE-2025-2835

Summary

A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been declared as problematic. Affected by this vulnerability is the function autoLink of the file com/zyd/blog/controller/RestApiController.java. The manipulation leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Affected Software

VendorProductVersion RangeStatus
zhangyd-cOneBlog2.3.0affected
zhangyd-cOneBlog2.3.1affected
zhangyd-cOneBlog2.3.2affected
zhangyd-cOneBlog2.3.3affected
zhangyd-cOneBlog2.3.4affected
zhangyd-cOneBlog2.3.5affected
zhangyd-cOneBlog2.3.6affected
zhangyd-cOneBlog2.3.7affected
zhangyd-cOneBlog2.3.8affected
zhangyd-cOneBlog2.3.9affected

Weaknesses

  • CWE-918: Server-Side Request Forgery

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References