A vulnerability was determined in mtons mblog up to 3.5.0. Affected by this issue is some unknown functionality of the file /email/send_code of the component Verification Code Handler. The manipulation of the argument email leads to improper restriction of excessive authentication attempts. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.
History

Wed, 27 Aug 2025 18:30:00 +0000

Type Values Removed Values Added
First Time appeared Mtons
Mtons mblog
CPEs cpe:2.3:a:mtons:mblog:*:*:*:*:*:*:*:*
Vendors & Products Mtons
Mtons mblog

Thu, 14 Aug 2025 06:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 13 Aug 2025 20:15:00 +0000

Type Values Removed Values Added
Description A vulnerability was determined in mtons mblog up to 3.5.0. Affected by this issue is some unknown functionality of the file /email/send_code of the component Verification Code Handler. The manipulation of the argument email leads to improper restriction of excessive authentication attempts. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.
Title mtons mblog Verification Code send_code excessive authentication
Weaknesses CWE-307
CWE-799
References
Metrics cvssV2_0

{'score': 2.6, 'vector': 'AV:N/AC:H/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 3.7, 'vector': 'CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 3.7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 6.3, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2025-08-13T20:13:14.628Z

Reserved: 2025-08-13T11:18:38.281Z

Link: CVE-2025-8927

cve-icon Vulnrichment

Updated: 2025-08-13T20:12:10.216Z

cve-icon NVD

Status : Analyzed

Published: 2025-08-13T20:15:35.043

Modified: 2025-08-27T18:21:33.060

Link: CVE-2025-8927

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.