CVE-2025-9100

low-risk

Published 2025-08-18

A security flaw has been discovered in zhenfeng13 My-Blog 1.0.0. This vulnerability affects unknown code of the file /blog/comment of the component Frontend Blog Article Comment Handler. The manipulation leads to authentication bypass by capture-replay. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Do I need to act?

0.11% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.3/10 Medium

NETWORK / LOW complexity

Affected Products (1)

My-Blog

Affected Vendors

Zhenfeng13

References (7)

Exploit https://github.com/ZHENFENG13/My-Blog/issues/149

Exploit https://github.com/ZHENFENG13/My-Blog/issues/149#issue-3265307853

Permissions Required https://vuldb.com/?ctiid.320422

Third Party Advisory https://vuldb.com/?id.320422

Third Party Advisory https://vuldb.com/?submit.628097

Exploit https://github.com/ZHENFENG13/My-Blog/issues/149

Exploit https://github.com/ZHENFENG13/My-Blog/issues/149#issue-3265307853

/ 100

low-risk

Severity 21/34 · High

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal