What is the CVSS score of CVE-2025-5509?

CVE-2025-5509 has a CVSS 3.1 base score of 6.3 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L. EPSS exploitation probability: 0.3%.

Which versions of Shiyi Blog are affected by CVE-2025-5509?

Organizations using quequnlong shiyi-blog should be aware of moderate risk from CVE-2025-5509, a path traversal vulnerability rated CVSS 6.3. This could allow unauthorized file access.

Is there a public PoC exploit available for CVE-2025-5509?

Yes, a public proof-of-concept exploit is available for CVE-2025-5509. Prioritise patching immediately. EPSS: 0.3%.

How to fix or mitigate CVE-2025-5509?

Within 30 days: Identify affected systems running quequnlong shiyi-blog and apply vendor patches as part of regular patch cycle. Review file handling controls.

Shiyi Blog CVE-2025-5509

EUVD-2025-16753 MEDIUM

Path Traversal (CWE-22)

2025-06-03 cna@vuldb.com

Path Traversal Shiyi Blog

6.3

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

6.3 MEDIUM

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

Lifecycle Timeline

EUVD ID Assigned

Mar 14, 2026 - 17:04 euvd

EUVD-2025-16753

Analysis Generated

Mar 14, 2026 - 17:04 vuln.today

PoC Detected

Jun 09, 2025 - 15:14 vuln.today

Public exploit code

CVE Published

Jun 03, 2025 - 16:15 nvd

MEDIUM 6.3

DescriptionCVE.org

A vulnerability classified as critical has been found in quequnlong shiyi-blog up to 1.2.1. This affects an unknown part of the file /api/file/upload. The manipulation of the argument file/source leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Analysis

Technical ContextAI

Path traversal allows an attacker to access files outside the intended directory by manipulating file paths with sequences like '../'.

RemediationAI

Validate and sanitize file path inputs. Use a whitelist of allowed files or directories. Implement chroot jails or containerization.

CVE-2025-5509 vulnerability details – vuln.today

Back