CVE-2025-13813 MEDIUM

CVE-2025-13813: moxi159753 Mogu Blog v2 Storage Management Endpoint storage authorization

Vendor Moxi159753
Product Mogu Blog v2
Weakness CWE-862 · Missing authorization
Published December 1, 2025
Last update December 1, 2025

CVSS base score

6.3/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability was identified in moxi159753 Mogu Blog v2 up to 5.2. This issue affects some unknown processing of the file /storage/ of the component Storage Management Endpoint. The manipulation leads to missing authorization. The attack can be initiated remotely. The attack's complexity is rated as high. The exploitability is assessed as difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Key dates

02Disclosure timeline

December 1, 2025 CVE published
December 1, 2025 Record updated