CVE-2025-2835 - Vulnerability Details

Vendors	Products
Zhyd	Oneblog

Link	Providers
https://github.com/zhangyd-c/OneBlog/issues/36
https://github.com/zhangyd-c/OneBlog/issues/36#issue-2923097259
https://vuldb.com/?ctiid.301471
https://vuldb.com/?id.301471
https://vuldb.com/?submit.521815

Type	Values Removed	Values Added
First Time appeared		Zhyd Zhyd oneblog
CPEs		cpe:2.3:a:zhyd:oneblog::::::::
Vendors & Products		Zhyd Zhyd oneblog

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Type	Values Removed	Values Added
Description		A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been declared as problematic. Affected by this vulnerability is the function autoLink of the file com/zyd/blog/controller/RestApiController.java. The manipulation leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Title		zhangyd-c OneBlog RestApiController.java autoLink server-side request forgery
Weaknesses		CWE-918
References		https://github.com/zhangyd-c/OneBlog/issues/36 https://github.com/zhangyd-c/OneBlog/issues/36#issue-2923097259 https://vuldb.com/?ctiid.301471 https://vuldb.com/?id.301471 https://vuldb.com/?submit.521815
Metrics		cvssV2_0 `{'score': 4, 'vector': 'AV:N/AC:L/Au:S/C:N/I:P/A:N'}` cvssV3_0 `{'score': 4.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}` cvssV3_1 `{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}` cvssV4_0 `{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N'}`

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-2835", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-03-26T20:32:36.959Z", "datePublished": "2025-03-27T04:00:07.721Z", "dateUpdated": "2025-03-27T13:40:16.293Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-03-27T04:00:07.721Z"}, "title": "zhangyd-c OneBlog RestApiController.java autoLink server-side request forgery", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-918", "lang": "en", "description": "Server-Side Request Forgery"}]}], "affected": [{"vendor": "zhangyd-c", "product": "OneBlog", "versions": [{"version": "2.3.0", "status": "affected"}, {"version": "2.3.1", "status": "affected"}, {"version": "2.3.2", "status": "affected"}, {"version": "2.3.3", "status": "affected"}, {"version": "2.3.4", "status": "affected"}, {"version": "2.3.5", "status": "affected"}, {"version": "2.3.6", "status": "affected"}, {"version": "2.3.7", "status": "affected"}, {"version": "2.3.8", "status": "affected"}, {"version": "2.3.9", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been declared as problematic. Affected by this vulnerability is the function autoLink of the file com/zyd/blog/controller/RestApiController.java. The manipulation leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."}, {"lang": "de", "value": "In zhangyd-c OneBlog bis 2.3.9 wurde eine problematische Schwachstelle ausgemacht. Das betrifft die Funktion autoLink der Datei com/zyd/blog/controller/RestApiController.java. Mittels dem Manipulieren mit unbekannten Daten kann eine server-side request forgery-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}], "timeline": [{"time": "2025-03-26T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-03-26T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-03-26T21:37:40.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "s1mple_xy (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.301471", "name": "VDB-301471 | zhangyd-c OneBlog RestApiController.java autoLink server-side request forgery", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.301471", "name": "VDB-301471 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.521815", "name": "Submit #521815 | https://github.com/zhangyd-c/OneBlog oneblog 2.3.9 SSRF", "tags": ["third-party-advisory"]}, {"url": "https://github.com/zhangyd-c/OneBlog/issues/36", "tags": ["issue-tracking"]}, {"url": "https://github.com/zhangyd-c/OneBlog/issues/36#issue-2923097259", "tags": ["exploit", "issue-tracking"]}]}, "adp": [{"references": [{"url": "https://github.com/zhangyd-c/OneBlog/issues/36#issue-2923097259", "tags": ["exploit"]}, {"url": "https://github.com/zhangyd-c/OneBlog/issues/36", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-27T13:40:12.227385Z", "id": "CVE-2025-2835", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-27T13:40:16.293Z"}}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

cveId : CVE-2025-2835 (string)

assignerOrgId : 1af790b2-7ee1-4545-860a-a788eba489b5 (string)

state : PUBLISHED (string)

assignerShortName : VulDB (string)

dateReserved : 2025-03-26T20:32:36.959Z (string)

datePublished : 2025-03-27T04:00:07.721Z (string)

dateUpdated : 2025-03-27T13:40:16.293Z (string)

}

containers : { »

cna : { »

providerMetadata : { »

orgId : 1af790b2-7ee1-4545-860a-a788eba489b5 (string)

shortName : VulDB (string)

dateUpdated : 2025-03-27T04:00:07.721Z (string)

}

title : zhangyd-c OneBlog RestApiController.java autoLink server-side request forgery (string)

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

type : CWE (string)

cweId : CWE-918 (string)

lang : en (string)

description : Server-Side Request Forgery (string)

}

]

}

]

affected : [ »

0 : { »

vendor : zhangyd-c (string)

product : OneBlog (string)

versions : [ »

0 : { »

version : 2.3.0 (string)

status : affected (string)

}

1 : { »

version : 2.3.1 (string)

status : affected (string)

}

2 : { »

version : 2.3.2 (string)

status : affected (string)

}

3 : { »

version : 2.3.3 (string)

status : affected (string)

}

4 : { »

version : 2.3.4 (string)

status : affected (string)

}

5 : { »

version : 2.3.5 (string)

status : affected (string)

}

6 : { »

version : 2.3.6 (string)

status : affected (string)

}

7 : { »

version : 2.3.7 (string)

status : affected (string)

}

8 : { »

version : 2.3.8 (string)

status : affected (string)

}

9 : { »

version : 2.3.9 (string)

status : affected (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been declared as problematic. Affected by this vulnerability is the function autoLink of the file com/zyd/blog/controller/RestApiController.java. The manipulation leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. (string)

}

1 : { »

lang : de (string)

value : In zhangyd-c OneBlog bis 2.3.9 wurde eine problematische Schwachstelle ausgemacht. Das betrifft die Funktion autoLink der Datei com/zyd/blog/controller/RestApiController.java. Mittels dem Manipulieren mit unbekannten Daten kann eine server-side request forgery-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung. (string)

}

]

metrics : [ »

0 : { »

cvssV4_0 : { »

version : 4.0 (string)

baseScore : 5.3 (number)

vectorString : CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N (string)

baseSeverity : MEDIUM (string)

}

1 : { »

cvssV3_1 : { »

version : 3.1 (string)

baseScore : 4.3 (number)

vectorString : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N (string)

baseSeverity : MEDIUM (string)

}

2 : { »

cvssV3_0 : { »

version : 3.0 (string)

baseScore : 4.3 (number)

vectorString : CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N (string)

baseSeverity : MEDIUM (string)

}

3 : { »

cvssV2_0 : { »

version : 2.0 (string)

baseScore : 4 (number)

vectorString : AV:N/AC:L/Au:S/C:N/I:P/A:N (string)

}

]

timeline : [ »

0 : { »

time : 2025-03-26T00:00:00.000Z (string)

lang : en (string)

value : Advisory disclosed (string)

}

1 : { »

time : 2025-03-26T01:00:00.000Z (string)

lang : en (string)

value : VulDB entry created (string)

}

2 : { »

time : 2025-03-26T21:37:40.000Z (string)

lang : en (string)

value : VulDB entry last update (string)

}

]

credits : [ »

0 : { »

lang : en (string)

value : s1mple_xy (VulDB User) (string)

type : reporter (string)

}

]

references : [ »

0 : { »

url : https://vuldb.com/?id.301471 (string)

name : VDB-301471 | zhangyd-c OneBlog RestApiController.java autoLink server-side request forgery (string)

tags : [ »

0 : vdb-entry (string)

1 : technical-description (string)

]

}

1 : { »

url : https://vuldb.com/?ctiid.301471 (string)

name : VDB-301471 | CTI Indicators (IOB, IOC, IOA) (string)

tags : [ »

0 : signature (string)

1 : permissions-required (string)

]

}

2 : { »

url : https://vuldb.com/?submit.521815 (string)

name : Submit #521815 | https://github.com/zhangyd-c/OneBlog oneblog 2.3.9 SSRF (string)

tags : [ »

0 : third-party-advisory (string)

]

}

3 : { »

url : https://github.com/zhangyd-c/OneBlog/issues/36 (string)

tags : [ »

0 : issue-tracking (string)

]

}

4 : { »

url : https://github.com/zhangyd-c/OneBlog/issues/36#issue-2923097259 (string)

tags : [ »

0 : exploit (string)

1 : issue-tracking (string)

]

}

]

}

adp : [ »

0 : { »

references : [ »

0 : { »

url : https://github.com/zhangyd-c/OneBlog/issues/36#issue-2923097259 (string)

tags : [ »

0 : exploit (string)

]

}

1 : { »

url : https://github.com/zhangyd-c/OneBlog/issues/36 (string)

tags : [ »

0 : exploit (string)

]

}

]

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

timestamp : 2025-03-27T13:40:12.227385Z (string)

id : CVE-2025-2835 (string)

options : [ »

0 : { »

Exploitation : poc (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

role : CISA Coordinator (string)

version : 2.0.3 (string)

}

]

title : CISA ADP Vulnrichment (string)

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2025-03-27T13:40:16.293Z (string)

}

]

}

Show plain JSON

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-2835", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-27T13:40:12.227385Z"}}}], "references": [{"url": "https://github.com/zhangyd-c/OneBlog/issues/36#issue-2923097259", "tags": ["exploit"]}, {"url": "https://github.com/zhangyd-c/OneBlog/issues/36", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-27T13:40:04.038Z"}}], "cna": {"title": "zhangyd-c OneBlog RestApiController.java autoLink server-side request forgery", "credits": [{"lang": "en", "type": "reporter", "value": "s1mple_xy (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}], "affected": [{"vendor": "zhangyd-c", "product": "OneBlog", "versions": [{"status": "affected", "version": "2.3.0"}, {"status": "affected", "version": "2.3.1"}, {"status": "affected", "version": "2.3.2"}, {"status": "affected", "version": "2.3.3"}, {"status": "affected", "version": "2.3.4"}, {"status": "affected", "version": "2.3.5"}, {"status": "affected", "version": "2.3.6"}, {"status": "affected", "version": "2.3.7"}, {"status": "affected", "version": "2.3.8"}, {"status": "affected", "version": "2.3.9"}]}], "timeline": [{"lang": "en", "time": "2025-03-26T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-03-26T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-03-26T21:37:40.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.301471", "name": "VDB-301471 | zhangyd-c OneBlog RestApiController.java autoLink server-side request forgery", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.301471", "name": "VDB-301471 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.521815", "name": "Submit #521815 | https://github.com/zhangyd-c/OneBlog oneblog 2.3.9 SSRF", "tags": ["third-party-advisory"]}, {"url": "https://github.com/zhangyd-c/OneBlog/issues/36", "tags": ["issue-tracking"]}, {"url": "https://github.com/zhangyd-c/OneBlog/issues/36#issue-2923097259", "tags": ["exploit", "issue-tracking"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been declared as problematic. Affected by this vulnerability is the function autoLink of the file com/zyd/blog/controller/RestApiController.java. The manipulation leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."}, {"lang": "de", "value": "In zhangyd-c OneBlog bis 2.3.9 wurde eine problematische Schwachstelle ausgemacht. Das betrifft die Funktion autoLink der Datei com/zyd/blog/controller/RestApiController.java. Mittels dem Manipulieren mit unbekannten Daten kann eine server-side request forgery-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "Server-Side Request Forgery"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-03-27T04:00:07.721Z"}}}, "cveMetadata": {"cveId": "CVE-2025-2835", "state": "PUBLISHED", "dateUpdated": "2025-03-27T13:40:16.293Z", "dateReserved": "2025-03-26T20:32:36.959Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-03-27T04:00:07.721Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{

dataType : CVE_RECORD (string)

containers : { »

adp : [ »

0 : { »

title : CISA ADP Vulnrichment (string)

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2025-2835 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : poc (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

version : 2.0.3 (string)

timestamp : 2025-03-27T13:40:12.227385Z (string)

}

]

references : [ »

0 : { »

url : https://github.com/zhangyd-c/OneBlog/issues/36#issue-2923097259 (string)

tags : [ »

0 : exploit (string)

]

}

1 : { »

url : https://github.com/zhangyd-c/OneBlog/issues/36 (string)

tags : [ »

0 : exploit (string)

]

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2025-03-27T13:40:04.038Z (string)

}

]

cna : { »

title : zhangyd-c OneBlog RestApiController.java autoLink server-side request forgery (string)

credits : [ »

0 : { »

lang : en (string)

type : reporter (string)

value : s1mple_xy (VulDB User) (string)

}

]

metrics : [ »

0 : { »

cvssV4_0 : { »

version : 4.0 (string)

baseScore : 5.3 (number)

baseSeverity : MEDIUM (string)

vectorString : CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N (string)

}

1 : { »

cvssV3_1 : { »

version : 3.1 (string)

baseScore : 4.3 (number)

baseSeverity : MEDIUM (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N (string)

}

2 : { »

cvssV3_0 : { »

version : 3.0 (string)

baseScore : 4.3 (number)

baseSeverity : MEDIUM (string)

vectorString : CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N (string)

}

3 : { »

cvssV2_0 : { »

version : 2.0 (string)

baseScore : 4 (number)

vectorString : AV:N/AC:L/Au:S/C:N/I:P/A:N (string)

}

]

affected : [ »

0 : { »

vendor : zhangyd-c (string)

product : OneBlog (string)

versions : [ »

0 : { »

status : affected (string)

version : 2.3.0 (string)

}

1 : { »

status : affected (string)

version : 2.3.1 (string)

}

2 : { »

status : affected (string)

version : 2.3.2 (string)

}

3 : { »

status : affected (string)

version : 2.3.3 (string)

}

4 : { »

status : affected (string)

version : 2.3.4 (string)

}

5 : { »

status : affected (string)

version : 2.3.5 (string)

}

6 : { »

status : affected (string)

version : 2.3.6 (string)

}

7 : { »

status : affected (string)

version : 2.3.7 (string)

}

8 : { »

status : affected (string)

version : 2.3.8 (string)

}

9 : { »

status : affected (string)

version : 2.3.9 (string)

}

]

}

]

timeline : [ »

0 : { »

lang : en (string)

time : 2025-03-26T00:00:00.000Z (string)

value : Advisory disclosed (string)

}

1 : { »

lang : en (string)

time : 2025-03-26T01:00:00.000Z (string)

value : VulDB entry created (string)

}

2 : { »

lang : en (string)

time : 2025-03-26T21:37:40.000Z (string)

value : VulDB entry last update (string)

}

]

references : [ »

0 : { »

url : https://vuldb.com/?id.301471 (string)

name : VDB-301471 | zhangyd-c OneBlog RestApiController.java autoLink server-side request forgery (string)

tags : [ »

0 : vdb-entry (string)

1 : technical-description (string)

]

}

1 : { »

url : https://vuldb.com/?ctiid.301471 (string)

name : VDB-301471 | CTI Indicators (IOB, IOC, IOA) (string)

tags : [ »

0 : signature (string)

1 : permissions-required (string)

]

}

2 : { »

url : https://vuldb.com/?submit.521815 (string)

name : Submit #521815 | https://github.com/zhangyd-c/OneBlog oneblog 2.3.9 SSRF (string)

tags : [ »

0 : third-party-advisory (string)

]

}

3 : { »

url : https://github.com/zhangyd-c/OneBlog/issues/36 (string)

tags : [ »

0 : issue-tracking (string)

]

}

4 : { »

url : https://github.com/zhangyd-c/OneBlog/issues/36#issue-2923097259 (string)

tags : [ »

0 : exploit (string)

1 : issue-tracking (string)

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been declared as problematic. Affected by this vulnerability is the function autoLink of the file com/zyd/blog/controller/RestApiController.java. The manipulation leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. (string)

}

1 : { »

lang : de (string)

value : In zhangyd-c OneBlog bis 2.3.9 wurde eine problematische Schwachstelle ausgemacht. Das betrifft die Funktion autoLink der Datei com/zyd/blog/controller/RestApiController.java. Mittels dem Manipulieren mit unbekannten Daten kann eine server-side request forgery-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

lang : en (string)

type : CWE (string)

cweId : CWE-918 (string)

description : Server-Side Request Forgery (string)

}

]

}

]

providerMetadata : { »

orgId : 1af790b2-7ee1-4545-860a-a788eba489b5 (string)

shortName : VulDB (string)

dateUpdated : 2025-03-27T04:00:07.721Z (string)

}

cveMetadata : { »

cveId : CVE-2025-2835 (string)

state : PUBLISHED (string)

dateUpdated : 2025-03-27T13:40:16.293Z (string)

dateReserved : 2025-03-26T20:32:36.959Z (string)

assignerOrgId : 1af790b2-7ee1-4545-860a-a788eba489b5 (string)

datePublished : 2025-03-27T04:00:07.721Z (string)

assignerShortName : VulDB (string)

}

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zhyd:oneblog:*:*:*:*:*:*:*:*", "matchCriteriaId": "A0C22046-D0BA-4159-92D1-3DC96B54CDD8", "versionEndIncluding": "2.3.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been declared as problematic. Affected by this vulnerability is the function autoLink of the file com/zyd/blog/controller/RestApiController.java. The manipulation leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en zhangyd-c OneBlog hasta la versi\u00f3n 2.3.9. Se ha declarado problem\u00e1tica. Esta vulnerabilidad afecta a la funci\u00f3n autoLink del archivo com/zyd/blog/controller/RestApiController.java. La manipulaci\u00f3n provoca Server-Side Request Forgery. El ataque puede ejecutarse remotamente. Se ha hecho p\u00fablico el exploit y puede que sea utilizado."}], "id": "CVE-2025-2835", "lastModified": "2025-04-01T15:43:38.550", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2025-03-27T04:15:25.520", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit", "Issue Tracking"], "url": "https://github.com/zhangyd-c/OneBlog/issues/36"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Issue Tracking"], "url": "https://github.com/zhangyd-c/OneBlog/issues/36#issue-2923097259"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.301471"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.301471"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.521815"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Issue Tracking"], "url": "https://github.com/zhangyd-c/OneBlog/issues/36"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Issue Tracking"], "url": "https://github.com/zhangyd-c/OneBlog/issues/36#issue-2923097259"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "cna@vuldb.com", "type": "Secondary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:zhyd:oneblog:*:*:*:*:*:*:*:* (string)

matchCriteriaId : A0C22046-D0BA-4159-92D1-3DC96B54CDD8 (string)

versionEndIncluding : 2.3.9 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been declared as problematic. Affected by this vulnerability is the function autoLink of the file com/zyd/blog/controller/RestApiController.java. The manipulation leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. (string)

}

1 : { »

lang : es (string)

value : Se encontró una vulnerabilidad en zhangyd-c OneBlog hasta la versión 2.3.9. Se ha declarado problemática. Esta vulnerabilidad afecta a la función autoLink del archivo com/zyd/blog/controller/RestApiController.java. La manipulación provoca Server-Side Request Forgery. El ataque puede ejecutarse remotamente. Se ha hecho público el exploit y puede que sea utilizado. (string)

}

]

id : CVE-2025-2835 (string)

lastModified : 2025-04-01T15:43:38.550 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : SINGLE (string)

availabilityImpact : NONE (string)

baseScore : 4 (number)

confidentialityImpact : NONE (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:L/Au:S/C:N/I:P/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 8 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : cna@vuldb.com (string)

type : Secondary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 4.3 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : NONE (string)

integrityImpact : LOW (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 2.8 (number)

impactScore : 1.4 (number)

source : cna@vuldb.com (string)

type : Secondary (string)

}

]

cvssMetricV40 : [ »

0 : { »

cvssData : { »

Automatable : NOT_DEFINED (string)

Recovery : NOT_DEFINED (string)

Safety : NOT_DEFINED (string)

attackComplexity : LOW (string)

attackRequirements : NONE (string)

attackVector : NETWORK (string)

availabilityRequirement : NOT_DEFINED (string)

baseScore : 5.3 (number)

baseSeverity : MEDIUM (string)

confidentialityRequirement : NOT_DEFINED (string)

exploitMaturity : NOT_DEFINED (string)

integrityRequirement : NOT_DEFINED (string)

modifiedAttackComplexity : NOT_DEFINED (string)

modifiedAttackRequirements : NOT_DEFINED (string)

modifiedAttackVector : NOT_DEFINED (string)

modifiedPrivilegesRequired : NOT_DEFINED (string)

modifiedSubAvailabilityImpact : NOT_DEFINED (string)

modifiedSubConfidentialityImpact : NOT_DEFINED (string)

modifiedSubIntegrityImpact : NOT_DEFINED (string)

modifiedUserInteraction : NOT_DEFINED (string)

modifiedVulnAvailabilityImpact : NOT_DEFINED (string)

modifiedVulnConfidentialityImpact : NOT_DEFINED (string)

modifiedVulnIntegrityImpact : NOT_DEFINED (string)

privilegesRequired : LOW (string)

providerUrgency : NOT_DEFINED (string)

subAvailabilityImpact : NONE (string)

subConfidentialityImpact : NONE (string)

subIntegrityImpact : NONE (string)

userInteraction : NONE (string)

valueDensity : NOT_DEFINED (string)

vectorString : CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X (string)

version : 4.0 (string)

vulnAvailabilityImpact : NONE (string)

vulnConfidentialityImpact : NONE (string)

vulnIntegrityImpact : LOW (string)

vulnerabilityResponseEffort : NOT_DEFINED (string)

}

source : cna@vuldb.com (string)

type : Secondary (string)

}

]

}

published : 2025-03-27T04:15:25.520 (string)

references : [ »

0 : { »

source : cna@vuldb.com (string)

tags : [ »

0 : Exploit (string)

1 : Issue Tracking (string)

]

url : https://github.com/zhangyd-c/OneBlog/issues/36 (string)

}

1 : { »

source : cna@vuldb.com (string)

tags : [ »

0 : Exploit (string)

1 : Issue Tracking (string)

]

url : https://github.com/zhangyd-c/OneBlog/issues/36#issue-2923097259 (string)

}

2 : { »

source : cna@vuldb.com (string)

tags : [ »

0 : Permissions Required (string)

1 : VDB Entry (string)

]

url : https://vuldb.com/?ctiid.301471 (string)

}

3 : { »

source : cna@vuldb.com (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : https://vuldb.com/?id.301471 (string)

}

4 : { »

source : cna@vuldb.com (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : https://vuldb.com/?submit.521815 (string)

}

5 : { »

source : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

tags : [ »

0 : Exploit (string)

1 : Issue Tracking (string)

]

url : https://github.com/zhangyd-c/OneBlog/issues/36 (string)

}

6 : { »

source : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

tags : [ »

0 : Exploit (string)

1 : Issue Tracking (string)

]

url : https://github.com/zhangyd-c/OneBlog/issues/36#issue-2923097259 (string)

}

]

sourceIdentifier : cna@vuldb.com (string)

vulnStatus : Analyzed (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-918 (string)

}

]

source : cna@vuldb.com (string)

type : Secondary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Exploitation poc

Automatable no

Technical Impact partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Exploitation poc

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object