Vulnerability Description
A weakness has been identified in xuhuisheng lemon up to 1.13.0. This affects the function uploadImage of the file CmsArticleController.java of the component com.mossle.cms.web.CmsArticleController.uploadImage. This manipulation of the argument Upload causes unrestricted upload. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mossle | Lemon | <= 1.13.0 |
Related Weaknesses (CWE)
References
- https://github.com/xuhuisheng/lemon/issues/212ExploitIssue Tracking
- https://github.com/xuhuisheng/lemon/issues/212#issue-3317490086ExploitIssue Tracking
- https://vuldb.com/?ctiid.321242Permissions RequiredVDB Entry
- https://vuldb.com/?id.321242Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.633593Third Party AdvisoryVDB Entry
- https://github.com/xuhuisheng/lemon/issues/212ExploitIssue Tracking
- https://github.com/xuhuisheng/lemon/issues/212#issue-3317490086ExploitIssue Tracking
- https://vuldb.com/?submit.633593Third Party AdvisoryVDB Entry
FAQ
What is CVE-2025-9406?
CVE-2025-9406 is a vulnerability with a CVSS score of 6.3 (MEDIUM). A weakness has been identified in xuhuisheng lemon up to 1.13.0. This affects the function uploadImage of the file CmsArticleController.java of the component com.mossle.cms.web.CmsArticleController.up...
How severe is CVE-2025-9406?
CVE-2025-9406 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-9406?
Check the references section above for vendor advisories and patch information. Affected products include: Mossle Lemon.