Is there a public PoC exploit available for CVE-2025-13814?

Yes, a public proof-of-concept exploit is available for CVE-2025-13814. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2025-13814?

Within 24 hours: Inventory all Mogu Blog deployments and verify versions; implement network-level restrictions to limit outbound requests from the application server. Within 7 days: Deploy WAF rules to block malicious requests to /file/uploadPicsByUrl endpoint; disable the picture upload-by-URL feature if operationally feasible. Within 30 days: Evaluate migration to alternative blogging platforms or establish contact with vendor for security roadmap; conduct log analysis for exploitation attempts.

CVE-2025-13814

Q: What is the CVSS score of CVE-2025-13814?

CVE-2025-13814 has a CVSS 4.0 base score of 5.5 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

EUVD-2025-199972 MEDIUM

Server-Side Request Forgery (SSRF) (CWE-918)

2025-12-01 cna@vuldb.com

SSRF

5.5

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

5.5 MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Severity Changed

Apr 29, 2026 - 01:11 NVD

HIGH MEDIUM

CVSS changed

Apr 29, 2026 - 01:11 NVD

7.3 (HIGH) 5.5 (MEDIUM)

EUVD ID Assigned

Mar 15, 2026 - 13:34 euvd

EUVD-2025-199972

Analysis Generated

Mar 15, 2026 - 13:34 vuln.today

PoC Detected

Dec 03, 2025 - 22:02 vuln.today

Public exploit code

CVE Published

Dec 01, 2025 - 08:15 nvd

HIGH 7.3

DescriptionCVE.org

A security flaw has been discovered in moxi159753 Mogu Blog v2 up to 5.2. Impacted is the function LocalFileServiceImpl.uploadPictureByUrl of the file /file/uploadPicsByUrl. The manipulation results in server-side request forgery. The attack can be launched remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

Analysis

CVE-2025-13814 vulnerability details – vuln.today

Back