CVE-2025-13816 is a path traversal vulnerability affecting moxi159753 Mogu Blog v2 versions 5.0 through 5.2. The vulnerability resides in the FileOperation.unzip function of the ZIP File Handler component, specifically in the /networkDisk/unzipFile file. This function processes a fileUrl parameter that is insufficiently sanitized, allowing an attacker to craft a malicious input that traverses directories (e.g., using '../' sequences) to access or overwrite files outside the intended extraction directory. The vulnerability can be exploited remotely without user interaction and requires only low-level privileges, making it accessible to a wide range of attackers. The CVSS 4.0 score is 5.3 (medium), reflecting the moderate impact on confidentiality, integrity, and availability due to limited scope and privilege requirements. The vendor was notified but has not responded or issued a patch, and no known exploits have been observed in the wild yet. This vulnerability could lead to unauthorized disclosure, modification, or deletion of sensitive files on the server hosting Mogu Blog, potentially compromising the integrity and confidentiality of the web application and its data.

For European organizations using Mogu Blog v2, this vulnerability poses a risk of unauthorized file access and modification, which can lead to data breaches, defacement, or disruption of blog services. Confidential information stored on the server could be exposed or altered, impacting data privacy compliance obligations such as GDPR. The ability to overwrite files could allow attackers to implant malicious code or backdoors, escalating the threat to broader network compromise. Although exploitation requires low privileges, the remote attack vector increases the risk of widespread exploitation if the software is internet-facing. The lack of vendor response and patches increases exposure time, raising the urgency for organizations to implement compensating controls. The impact is particularly significant for organizations relying on Mogu Blog for public-facing content or internal communications, where integrity and availability are critical.

Since no official patches or vendor responses are available, European organizations should implement the following mitigations: 1) Restrict network access to the Mogu Blog server, limiting exposure to trusted IP addresses or internal networks only. 2) Employ web application firewalls (WAFs) with custom rules to detect and block path traversal patterns in requests targeting /networkDisk/unzipFile or related endpoints. 3) Monitor logs for suspicious fileUrl parameter values containing directory traversal sequences and unusual file system activity. 4) If feasible, disable or restrict the unzip functionality until a patch is available. 5) Conduct regular backups of critical blog data and server files to enable recovery from potential tampering. 6) Consider migrating to alternative blogging platforms with active security maintenance if Mogu Blog is critical and unpatched. 7) Implement strict file system permissions to limit the impact of any unauthorized file writes. 8) Stay alert for vendor updates or community patches and apply them promptly once available.