CVE-2025-9004
published 2025-08-15CVE-2025-9004: A vulnerability was found in mtons mblog up to 3.5.0. This issue affects some unknown processing of the file /settings/password. The manipulation leads to…
PriorityP260critical9.1CVSS 3.1
AVNACLPRNUINSUCHIHAN
EPSS
0.90%
55.0th percentile
A vulnerability was found in mtons mblog up to 3.5.0. This issue affects some unknown processing of the file /settings/password. The manipulation leads to improper restriction of excessive authentication attempts. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mtons | mblog | <= 3.5.0 | — |
| mtons | mblog | — | — |
| mtons | mblog | — | — |
| mtons | mblog | — | — |
| mtons | mblog | — | — |
| mtons | mblog | — | — |
| mtons | mblog | — | — |
CVSS provenance
nvdv3.19.1CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
nvdv4.02.9LOWCVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
nvdv2.02.6LOWAV:N/AC:H/Au:N/C:P/I:N/A:N
vendor_redhat4.6MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-q4c6-9mg7-57ch: A vulnerability was found in mtons mblog up to 3
ghsa_unreviewed·2025-08-15
CVE-2025-9004 [MEDIUM] CWE-307 GHSA-q4c6-9mg7-57ch: A vulnerability was found in mtons mblog up to 3
A vulnerability was found in mtons mblog up to 3.5.0. This issue affects some unknown processing of the file /settings/password. The manipulation leads to improper restriction of excessive authentication attempts. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.
Red Hat
AMD EPYC™ 9004 Series Processors: From CVEorg collector
vendor_redhat·2026-01-16·CVSS 4.6
CVE-2025-29943 [MEDIUM] CWE-123 AMD EPYC™ 9004 Series Processors: From CVEorg collector
AMD EPYC™ 9004 Series Processors: From CVEorg collector
Write what were condition within AMD CPUs may allow an admin-privileged attacker to modify the configuration of the CPU pipeline potentially resulting in the corruption of the stack pointer inside an SEV-SNP guest.
No detection rules found.
No public exploits indexed.
2025-08-15
Published