CVE-2025-8992

MEDIUM

Mtons Mblog < 3.5.0 - Missing Authorization

Title source: rule

Description

A vulnerability has been found in mtons mblog up to 3.5.0. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Exploits (1)

gitee 3,324 stars

by mtons · javawriteup

https://gitee.com/mtons/mblog/issues/ICPMGP

References (4)

[Exploit] https://gitee.com/mtons/mblog/issues/ICPMGP

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.319988

[Third Party Advisory, VDB Entry] https://vuldb.com/?id.319988

[Third Party Advisory, VDB Entry] https://vuldb.com/?submit.628765

Scores

CVSS v3 4.3

EPSS 0.0003

EPSS Percentile 9.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Classification

CWE

CWE-862 CWE-352

Status published

Affected Products (1)

mtons/mblog < 3.5.0

Timeline

Published Aug 15, 2025

Tracked Since Feb 18, 2026