CVE-2025-9406

Summary

A weakness has been identified in xuhuisheng lemon up to 1.13.0. This affects the function uploadImage of the file CmsArticleController.java of the component com.mossle.cms.web.CmsArticleController.uploadImage. This manipulation of the argument Upload causes unrestricted upload. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited.

Affected Software

VendorProductVersion RangeStatus
xuhuishenglemon1.0affected
xuhuishenglemon1.1affected
xuhuishenglemon1.2affected
xuhuishenglemon1.3affected
xuhuishenglemon1.4affected
xuhuishenglemon1.5affected
xuhuishenglemon1.6affected
xuhuishenglemon1.7affected
xuhuishenglemon1.8affected
xuhuishenglemon1.9affected
xuhuishenglemon1.10affected
xuhuishenglemon1.11affected
xuhuishenglemon1.12affected
xuhuishenglemon1.13.0affected

Weaknesses

  • CWE-434: Unrestricted Upload
  • CWE-284: Improper Access Controls

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References