CVE-2025-9406 – Apache Mossle CMS Unrestricted File Upload Vulnerability

CVE ID : CVE-2025-9406

Published : Aug. 25, 2025, 4:15 a.m. | 17 minutes ago

Description : A weakness has been identified in xuhuisheng lemon up to 1.13.0. This affects the function uploadImage of the file CmsArticleController.java of the component com.mossle.cms.web.CmsArticleController.uploadImage. This manipulation of the argument Upload causes unrestricted upload. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…