Cyber Resilience

CVE-2025-2363

Severity: Medium

Published: 17 March 2025
Modified: 14 October 2025
CVSS v4 score: 5.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS score: 0.0043 (62.9th percentile)
Risk priority: 11 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-2363 is a medium-severity Path Traversal (CWE-22) vulnerability in lenve VBlog. Its CVSS v4 base score is 5.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Ingress Tool Transfer (T1105). By exploit likelihood (EPSS) the CVE ranks in the top 37.1% of all CVEs, and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-2363 is a path traversal vulnerability (CWE-22), classified as critical by VulDB, in lenve VBlog up to version 1.0.0. The issue affects the uploadImg function in the file blogserver/src/main/java/org/sang/controller/ArticleController.java, where manipulation of the filename argument lets an attacker traverse directories outside the intended upload path.

The vulnerability can be exploited remotely by an attacker with low privileges (PR:L), requiring network access (AV:N) and low complexity (AC:L) with no user interaction (UI:N). Successful exploitation results in limited impacts to confidentiality, integrity, and availability (C:L/I:L/A:L), as scored at CVSS 6.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L), potentially allowing unauthorized file access or modification in traversable directories.

Advisories from VulDB and a Notion page detail the vulnerability as an arbitrary file upload leading to path traversal, with the exploit publicly disclosed. No patches or vendor responses are available, as the vendor was contacted early but did not reply; security practitioners should restrict upload functionalities and validate filenames strictly.

The exploit has been made public and may be actively used, with no further details on real-world exploitation provided in available sources.


Vulnerability details

A vulnerability classified as critical has been found in lenve VBlog up to 1.0.0. Affected is the function uploadImg of the file blogserver/src/main/java/org/sang/controller/ArticleController.java. The manipulation of the argument filename leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CWE(s): CWE-22 Path Traversal

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1105 Ingress Tool Transfer (Command and Control): Adversaries may transfer tools or other files from an external system into a compromised environment.
T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1505.003 Web Shell (Persistence): Adversaries may backdoor web servers with web shells to establish persistent access to systems.
T1608.001 Upload Malware (Resource Development): Adversaries may upload malware to third-party or adversary-controlled infrastructure to make it accessible during targeting.
Why these techniques?

Path traversal in an unrestricted file upload enables remote arbitrary file writes, which supports public-facing application exploitation (T1190), web shell deployment (T1505.003), tool transfer into the victim environment (T1105), and malware staging (T1608.001).

CVEs Like This One

CVE-2025-41714 (shared CWE-22)
CVE-2026-7411 (shared CWE-22)
CVE-2026-36767 (shared CWE-22)
CVE-2026-5027 (shared CWE-22)
CVE-2025-2707 (shared CWE-22)
CVE-2025-1661 (shared CWE-22)
CVE-2026-33529 (shared CWE-22)
CVE-2026-9550 (shared CWE-22)
CVE-2024-44373 (shared CWE-22)
CVE-2019-25471 (shared CWE-22)

Affected Assets

lenve vblog (all versions)

Mitigating Controls

NIST 800-53 r5 controls (AI)

Prevent, SI-10 Information Input Validation: Directly validates filename inputs in the uploadImg function to reject or sanitize path traversal sequences such as '../', preventing exploitation.

Prevent, SI-2 Flaw Remediation: Mandates timely identification, reporting, and correction of the path traversal flaw in VBlog, addressing the unpatched vulnerability.

Prevent: Enforces logical access restrictions on file system directories to limit the damage from successful path traversal writes outside the intended upload paths.
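As an added illustration of the SI-10 control above and of the "validate filenames strictly" advice in the deeper analysis (this is example code, not code from the VBlog project or from the advisories), the following Java snippet contrasts the unsafe shape the advisory describes, joining a client-supplied filename onto the upload directory as-is, with an allow-list plus canonical-path containment check. The upload directory, the filename policy and the sample inputs are constructed for the example.

```java
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.List;
import java.util.regex.Pattern;

public final class UploadPathCheck {
    // Allow-list for stored image names (constructed policy): short base name, safe
    // characters only, image extension required; no separators, "..", or NUL can pass.
    private static final Pattern SAFE_NAME =
            Pattern.compile("^[A-Za-z0-9_-]{1,64}\\.(png|jpe?g|gif)$");

    // Unsafe shape (hypothetical, mirrors the weakness the advisory describes): the
    // client-supplied name is joined onto the upload directory as-is, so ".." segments
    // or an absolute path resolve outside it.
    static Path vulnerableTarget(Path uploadDir, String filename) {
        return uploadDir.resolve(filename).normalize();
    }

    // Hardened version: reject anything outside the allow-list, then confirm the
    // normalized result still lies under the upload directory (defence in depth
    // should the allow-list ever be loosened).
    static Path safeTarget(Path uploadDir, String filename) {
        if (filename == null || !SAFE_NAME.matcher(filename).matches()) {
            throw new IllegalArgumentException("filename rejected by allow-list");
        }
        Path base = uploadDir.toAbsolutePath().normalize();
        Path target = base.resolve(filename).normalize();
        // Path.startsWith compares whole name elements, so "/srv/uploads2" does not
        // count as inside "/srv/uploads".
        if (target.equals(base) || !target.startsWith(base)) {
            throw new IllegalArgumentException("resolved path escapes upload directory");
        }
        return target;
    }

    public static void main(String[] args) {
        Path uploadDir = Paths.get("/srv/vblog/uploads"); // constructed location
        List<String> samples = List.of("photo.png", "../../outside.png",
                "/tmp/outside.png", "a.jpg/../../b.png", "notes.txt");
        for (String name : samples) {
            System.out.println("input: " + name + "\n  unsafe   -> " + vulnerableTarget(uploadDir, name));
            try {
                System.out.println("  hardened -> " + safeTarget(uploadDir, name));
            } catch (IllegalArgumentException e) {
                System.out.println("  hardened -> rejected (" + e.getMessage() + ")");
            }
        }
    }
}
```

Run it with `java UploadPathCheck.java` (Java 11 or later): the unsafe column shows where each name would actually land on disk, the hardened column shows which check rejected it.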
