CVE-2025-2835

A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been declared as problematic. Affected by this vulnerability is the function autoLink of the file com/zyd/blog/controller/RestApiController.java. The manipulation leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
References
Link Resource
https://github.com/zhangyd-c/OneBlog/issues/36 Exploit Issue Tracking
https://github.com/zhangyd-c/OneBlog/issues/36#issue-2923097259 Exploit Issue Tracking
https://vuldb.com/?ctiid.301471 Permissions Required VDB Entry
https://vuldb.com/?id.301471 Third Party Advisory VDB Entry
https://vuldb.com/?submit.521815 Third Party Advisory VDB Entry
https://github.com/zhangyd-c/OneBlog/issues/36 Exploit Issue Tracking
https://github.com/zhangyd-c/OneBlog/issues/36#issue-2923097259 Exploit Issue Tracking
Configurations

Configuration 1 (hide)

cpe:2.3:a:zhyd:oneblog:*:*:*:*:*:*:*:*

History

01 Apr 2025, 15:43

Type Values Removed Values Added
References () https://github.com/zhangyd-c/OneBlog/issues/36 - () https://github.com/zhangyd-c/OneBlog/issues/36 - Exploit, Issue Tracking
References () https://github.com/zhangyd-c/OneBlog/issues/36#issue-2923097259 - () https://github.com/zhangyd-c/OneBlog/issues/36#issue-2923097259 - Exploit, Issue Tracking
References () https://vuldb.com/?ctiid.301471 - () https://vuldb.com/?ctiid.301471 - Permissions Required, VDB Entry
References () https://vuldb.com/?id.301471 - () https://vuldb.com/?id.301471 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.521815 - () https://vuldb.com/?submit.521815 - Third Party Advisory, VDB Entry
First Time Zhyd
Zhyd oneblog
CPE cpe:2.3:a:zhyd:oneblog:*:*:*:*:*:*:*:*

27 Mar 2025, 14:15

Type Values Removed Values Added
Summary
  • (es) Se encontró una vulnerabilidad en zhangyd-c OneBlog hasta la versión 2.3.9. Se ha declarado problemática. Esta vulnerabilidad afecta a la función autoLink del archivo com/zyd/blog/controller/RestApiController.java. La manipulación provoca Server-Side Request Forgery. El ataque puede ejecutarse remotamente. Se ha hecho público el exploit y puede que sea utilizado.
References () https://github.com/zhangyd-c/OneBlog/issues/36 - () https://github.com/zhangyd-c/OneBlog/issues/36 -
References () https://github.com/zhangyd-c/OneBlog/issues/36#issue-2923097259 - () https://github.com/zhangyd-c/OneBlog/issues/36#issue-2923097259 -

27 Mar 2025, 04:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-03-27 04:15

Updated : 2025-04-01 15:43


NVD link : CVE-2025-2835

Mitre link : CVE-2025-2835

CVE.ORG link : CVE-2025-2835


JSON object : View

Products Affected

zhyd

  • oneblog
CWE
CWE-918

Server-Side Request Forgery (SSRF)