CVE-2025-13816
Published: 01 December 2025
Description
Adversaries may backdoor web servers with web shells to establish persistent access to systems.
Security Summary
CVE-2025-13816, published on 2025-12-01, is a path traversal vulnerability (CWE-22) in moxi159753 Mogu Blog versions up to 5.2. The flaw resides in the FileOperation.unzip function of the /networkDisk/unzipFile endpoint within the ZIP File Handler component. Attackers can exploit it by manipulating the fileUrl argument to traverse directories beyond intended paths.
The vulnerability is exploitable remotely over the network (AV:N) with low attack complexity (AC:L) and requires low privileges (PR:L), without user interaction (UI:N) and with unchanged scope (S:U). It yields limited impacts on confidentiality, integrity, and availability (C:L/I:L/A:L), scored at CVSS 6.3 under CVSS:3.1, allowing authenticated users to potentially read, modify, or delete files outside the designated unzip directory.
Advisories from VulDB and a GitHub report detail a publicly disclosed proof-of-concept exploit. The vendor was contacted early regarding disclosure but provided no response, and no patches or official mitigations are available. References include GitHub paths to the exploit report and VulDB entries for further details.
The exploit has been publicly released and may be actively used in attacks.
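With no vendor patch available, the two containment checks this class of flaw calls for can be sketched as follows. This is an added example, not Mogu Blog's code: `safe_unzip`, `storage_root` and `dest_dir` are hypothetical names, and the archives are constructed samples. It validates both the requested archive path (the `fileUrl` role) and every entry name inside the archive before anything is written.

```python
import tempfile
import zipfile
from pathlib import Path


def resolve_inside(base: Path, untrusted: str) -> Path:
    """Join untrusted onto base; fail unless the result stays under base."""
    base = base.resolve()
    candidate = (base / untrusted).resolve()  # collapses "..", follows symlinks
    if base not in candidate.parents:
        raise ValueError(f"{untrusted!r} escapes {base}")
    return candidate


def safe_unzip(storage_root: Path, file_url: str, dest_dir: Path) -> list[str]:
    """Hypothetical handler: all entry names are validated before any write."""
    archive = resolve_inside(storage_root, file_url)  # check 1: request argument
    with zipfile.ZipFile(archive) as zf:
        plan = [(i, resolve_inside(dest_dir, i.filename)) for i in zf.infolist()]
        written = []
        for info, target in plan:  # check 2 has already passed for every entry
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(zf.read(info))
            written.append(target.relative_to(dest_dir.resolve()).as_posix())
        return written


def demo() -> dict:
    """Run both checks against constructed sample archives in a temp directory."""
    with tempfile.TemporaryDirectory() as tmp:
        disk, dest = Path(tmp, "disk"), Path(tmp, "extract")
        disk.mkdir()
        samples = {"good.zip": {"docs/readme.txt": b"ok"},
                   "slip.zip": {"ok.txt": b"a", "../../outside.txt": b"x"}}
        for name, entries in samples.items():
            with zipfile.ZipFile(disk / name, "w") as zf:
                for entry, data in entries.items():
                    zf.writestr(entry, data)
        result = {"good": safe_unzip(disk, "good.zip", dest)}
        for label, url in (("slip", "slip.zip"), ("url", "../outside.zip")):
            try:
                safe_unzip(disk, url, dest)
                result[label] = "extracted"
            except ValueError:
                result[label] = "rejected"
        result["partial_write"] = (dest / "ok.txt").exists()
        return result
```

Rejecting the whole archive on the first bad entry, rather than skipping that entry, keeps a partially extracted upload from being left on disk.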
Details
- CWE(s): CWE-22 (path traversal)
Affected Products
- moxi159753 Mogu Blog, versions up to 5.2
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Path traversal (Zip Slip) in ZIP handler enables exploitation of public-facing web application (T1190), direct volume access for arbitrary file writes (T1006), and deployment of web shells via file overwrites in web directories (T1505.003).