CVE-2025-13816
Published: 01 December 2025
Summary
CVE-2025-13816 is a medium-severity Path Traversal (CWE-22) vulnerability in Mogublog Project Mogublog. Its CVSS base score is 6.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Direct Volume Access (T1006); ranked at the 29.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Directly validates the fileUrl argument in the FileOperation.unzip function to block path traversal sequences like ../
Requires identification and timely correction of the path traversal flaw in the ZIP File Handler's unzip endpoint.
Limits privileges of authenticated low-privilege users and the unzip process to restrict access to files outside the intended directory even if traversal occurs.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Path traversal (Zip Slip) in the ZIP handler enables exploitation of a public-facing web application (T1190), direct volume access for arbitrary file writes (T1006), and deployment of web shells via file overwrites in web directories (T1505.003).
NVD Description
A security vulnerability has been detected in moxi159753 Mogu Blog v2 up to 5.2. The impacted element is the function FileOperation.unzip of the file /networkDisk/unzipFile of the component ZIP File Handler. Such manipulation of the argument fileUrl leads to path traversal. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Deeper analysis
CVE-2025-13816, published on 2025-12-01, is a path traversal vulnerability (CWE-22) in moxi159753 Mogu Blog versions up to 5.2. The flaw resides in the FileOperation.unzip function of the /networkDisk/unzipFile endpoint within the ZIP File Handler component. Attackers can exploit it by manipulating the fileUrl argument to traverse directories beyond intended paths.
The vulnerability is exploitable remotely over the network (AV:N) with low attack complexity (AC:L) and requires low privileges (PR:L), without user interaction (UI:N) and with unchanged scope (S:U). It yields limited impacts on confidentiality, integrity, and availability (C:L/I:L/A:L), scored at CVSS 6.3 under CVSS:3.1, allowing authenticated users to potentially read, modify, or delete files outside the designated unzip directory.
Advisories from VulDB and a GitHub report detail a publicly disclosed proof-of-concept exploit. The vendor was contacted early regarding disclosure but provided no response, and no patches or official mitigations are available. References include GitHub paths to the exploit report and VulDB entries for further details.
The exploit has been publicly released and may be actively used in attacks.
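The SI-10 control listed above (validate the fileUrl argument so that traversal sequences cannot reach outside the intended directory) and the Zip Slip description in the technique mapping both come down to one check: every caller-influenced path must be resolved and proven to lie under its permitted root before the filesystem is touched. The following is an added example written for this page, not Mogu Blog's own code, which is not reproduced here. It assumes, for illustration only, that the request argument names an archive relative to a fixed storage directory and that extraction targets a fixed unzip directory; the directory names, the archive contents and the hostile entry name are constructed for the demo. The same `contain()` check is applied both to the request argument and to each entry name inside the archive, which is the generalisation a handler like this needs.

```python
"""Hardened ZIP handling: contain both the requested archive path and every
entry name inside fixed directories before touching the filesystem.
Added example for CVE-2025-13816; the Mogu Blog implementation is not
reproduced here and all file/directory names below are constructed."""
import tempfile
import zipfile
from pathlib import Path


class PathEscape(Exception):
    """An untrusted path component would resolve outside its permitted root."""


def contain(root: Path, untrusted: str) -> Path:
    """Join an untrusted, caller-supplied relative path onto root and prove the
    result still lies under root (or is root itself). Rejects empty names,
    absolute paths, NUL bytes and any '..' that climbs above root after
    normalisation, which is the input-validation control SI-10 describes."""
    if not untrusted or "\x00" in untrusted or untrusted.startswith(("/", "\\")):
        raise PathEscape(f"rejected path {untrusted!r}")
    root = root.resolve()
    # ZIP names use '/', but archives written on Windows sometimes carry '\\'.
    candidate = (root / untrusted.replace("\\", "/")).resolve()
    if candidate != root and root not in candidate.parents:
        raise PathEscape(f"{untrusted!r} escapes {root}")
    return candidate


def unzip_request(storage_root: Path, file_url: str, dest_root: Path) -> list:
    """Handler shape (assumed, not the project's): file_url is the untrusted
    request argument naming an archive under storage_root; dest_root is the
    only place it may be expanded. Every entry is validated before anything
    is written, so a hostile entry late in the archive cannot leave a
    half-extracted tree behind."""
    archive_path = contain(storage_root, file_url)
    dest_root = dest_root.resolve()
    with zipfile.ZipFile(archive_path) as zf:
        plan = [(info, contain(dest_root, info.filename)) for info in zf.infolist()]
        written = []
        for info, target in plan:
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(target.relative_to(dest_root).as_posix())
    return written


def write_archive(path: Path, entries: dict) -> None:
    """Constructed sample archive from {entry_name: bytes}. zipfile stores entry
    names verbatim, so a '../' entry survives for the rejection test."""
    path.parent.mkdir(parents=True, exist_ok=True)
    with zipfile.ZipFile(path, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)


def demo() -> dict:
    """Exercise the handler against a benign archive, a Zip Slip style archive
    (traversal in an entry name) and a traversal attempt in the request
    argument itself. All inputs are constructed in a temporary directory."""
    base = Path(tempfile.mkdtemp()).resolve()
    storage, dest = base / "storage", base / "unzipped"
    write_archive(storage / "ok.zip", {"docs/readme.txt": b"hello"})
    write_archive(storage / "slip.zip", {"ok.txt": b"x", "../../evil.txt": b"owned"})
    out = {"benign": unzip_request(storage, "ok.zip", dest / "a")}
    attempts = (("slip_entry", "slip.zip"), ("slip_url", "../unzipped/a/docs/readme.txt"))
    for label, url in attempts:
        try:
            unzip_request(storage, url, dest / label)
            out[label] = "extracted"
        except PathEscape:
            out[label] = "rejected"
    # Validation ran before extraction, so the benign sibling entry in
    # slip.zip was not written either.
    out["partial_write"] = (dest / "slip_entry" / "ok.txt").exists()
    return out


if __name__ == "__main__":
    print(demo())
```

The design point is that the check is applied to the resolved path, not to the raw string: stripping `../` substrings from the request argument alone is not sufficient, since an archive's own entry names are a second, independent traversal channel (the Zip Slip case the technique mapping names), and both channels are closed by the same containment test.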
Details
- CWE(s)