← Back to CVEs
CVE-2025-8927
LOW3.7
Description
A vulnerability was determined in mtons mblog up to 3.5.0. Affected by this issue is some unknown functionality of the file /email/send_code of the component Verification Code Handler. The manipulation of the argument email leads to improper restriction of excessive authentication attempts. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.
CVE Details
CVSS v3.1 Score3.7
SeverityLOW
CVSS VectorCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack VectorNETWORK
ComplexityHIGH
Privileges RequiredNONE
User InteractionNONE
Published8/13/2025
Last Modified8/27/2025
Sourcenvd
Honeypot Sightings0
Affected Products
mtons:mblog
Weaknesses (CWE)
CWE-307CWE-799
References
https://gitee.com/mtons/mblog/issues/ICPMJR(cna@vuldb.com)
https://vuldb.com/?ctiid.319886(cna@vuldb.com)
https://vuldb.com/?id.319886(cna@vuldb.com)
https://vuldb.com/?submit.631654(cna@vuldb.com)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.