CVE-2025-9004 · CRITICAL 9.1 · EPSS p54.8%

Description

A vulnerability was found in mtons mblog up to 3.5.0. This issue affects some unknown processing of the file /settings/password. The manipulation leads to improper restriction of excessive authentication attempts. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.

Scoring

CVSS 3.1: 9.1 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS: 0.90% probability of exploitation · percentile 54.8% · 2026-06-19T12:03:05Z
Published: 2025-08-15
Last modified: 2026-04-29

Underlying weaknesses · 2

CWE-307, CWE-799

References

  1. https://gitee.com/mtons/mblog/issues/ICPMIR
  2. https://vuldb.com/?ctiid.320033
  3. https://vuldb.com/?id.320033
  4. https://vuldb.com/?submit.628785


Type | Target | Confidence | Tier
Weakness | Improper Restriction of Excessive Authentication Attempts (cwe-307) | 0% | live
Weakness | Improper Control of Interaction Frequency (cwe-799) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-41429
  2. CVE-2025-58587
  3. CVE-2025-25595
  4. CVE-2025-49195
  5. CVE-2025-13813
  6. CVE-2025-49181

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.