wangsongyan wblog backup.go RestorePost server-side request forgery_CVE-2025-9395

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was identified in wangsongyan wblog 0.0.1. This affects the function RestorePost of the file backup.go. Such manipulation of the argument fileName leads to server-side request forgery. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2025-9395

Source VulDB

Published Aug 24, 2025 at 22:02

Affected Product

Vendor wangsongyan

Product wblog

Version 0.0.1

Affected Versions wangsongyan wblog 0.0.1

CWE Classification

CWE-918

References

{
    "lastseen": "",
    "description": "A vulnerability was identified in wangsongyan wblog 0.0.1. This affects the function RestorePost of the file backup.go. Such manipulation of the argument fileName leads to server-side request forgery. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2025-08-24T22:02:05.588Z",
    "modified": "2025-08-24T22:02:05.588Z",
    "type": "cve",
    "title": "wangsongyan wblog backup.go RestorePost server-side request forgery",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.321231\nhttps://vuldb.com/?ctiid.321231\nhttps://vuldb.com/?submit.632367\nhttps://github.com/on-theway/wblog/blob/main/README.md\nhttps://github.com/on-theway/wblog/blob/main/README.md#vulnerability-details-and-poc",
    "id": "CVE-2025-9395",
    "bulletinFamily": "",
    "cwe": [
        "CWE-918"
    ],
    "cvelist": null,
    "sourceData": "wangsongyan wblog 0.0.1",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "wblog",
    "version": "0.0.1",
    "vendor": "wangsongyan",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}