CVE-2025-9004

A vulnerability was found in mtons mblog up to 3.5.0. This issue affects some unknown processing of the file /settings/password. The manipulation leads to improper restriction of excessive authentication attempts. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.

CVSS v3 3.7 LOW
CVSS v2.0 2.6 LOW

3.7^/10

CVSS v3 : LOW

Vector :

Exploitability : 2.2 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.6^/10

CVSS v2.0 : LOW

Vector : AV:N/AC:H/Au:N/C:P/I:N/A:N

Exploitability : 4.9 / Impact : 2.9

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://gitee.com/mtons/mblog/issues/ICPMIR	Exploit
https://vuldb.com/?ctiid.320033	Permissions Required VDB Entry
https://vuldb.com/?id.320033	Third Party Advisory VDB Entry
https://vuldb.com/?submit.628785	Third Party Advisory VDB Entry
https://gitee.com/mtons/mblog/issues/ICPMIR	Exploit

Configurations

Configuration 1 (hide)

cpe:2.3:a:mtons:mblog:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-08-15 03:15

Updated : 2025-08-27 18:23

NVD link : CVE-2025-9004

Mitre link : CVE-2025-9004

CVE.ORG link : CVE-2025-9004

JSON object : View

Products Affected

mtons

mblog

CWE

CWE-307

Improper Restriction of Excessive Authentication Attempts

CWE-799

Improper Control of Interaction Frequency

{"id": "CVE-2025-9004", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"version": "2.0", "baseScore": 2.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.2}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "PROOF_OF_CONCEPT", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-08-15T03:15:38.360", "references": [{"url": "https://gitee.com/mtons/mblog/issues/ICPMIR", "tags": ["Exploit"], "source": "[email protected]"}, {"url": "https://vuldb.com/?ctiid.320033", "tags": ["Permissions Required", "VDB Entry"], "source": "[email protected]"}, {"url": "https://vuldb.com/?id.320033", "tags": ["Third Party Advisory", "VDB Entry"], "source": "[email protected]"}, {"url": "https://vuldb.com/?submit.628785", "tags": ["Third Party Advisory", "VDB Entry"], "source": "[email protected]"}, {"url": "https://gitee.com/mtons/mblog/issues/ICPMIR", "tags": ["Exploit"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-307"}, {"lang": "en", "value": "CWE-799"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in mtons mblog up to 3.5.0. This issue affects some unknown processing of the file /settings/password. The manipulation leads to improper restriction of excessive authentication attempts. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en mtons mblog hasta la versi\u00f3n 3.5.0. Este problema afecta a un procesamiento desconocido del archivo /settings/password. La manipulaci\u00f3n provoca una restricci\u00f3n indebida de intentos de autenticaci\u00f3n excesivos. El ataque puede ejecutarse en remoto. Es un ataque de complejidad bastante alta. Parece dif\u00edcil de explotar. Se ha hecho p\u00fablico el exploit y puede que sea utilizado."}], "lastModified": "2025-08-27T18:23:35.450", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mtons:mblog:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D00A795A-C4BF-486D-B135-F183780C5569", "versionEndIncluding": "3.5.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}