CVE-2025-15152

6.3 MEDIUM

📋 TL;DR

This vulnerability allows remote attackers to upload arbitrary files to the moga-mall application by manipulating the objectName parameter in the addProduct function. This affects all deployments of h-moses moga-mall up to commit 392d631a5ef15962a9bddeeb9f1269b9085473fa. The rolling release system means specific version numbers aren't disclosed, but all instances before the fix are vulnerable.

💻 Affected Systems

Products:
  • h-moses moga-mall
Versions: All versions up to commit 392d631a5ef15962a9bddeeb9f1269b9085473fa
Operating Systems: Any OS running Java applications
Default Config Vulnerable: ⚠️ Yes
Notes: This is a rolling release system, so version numbers aren't tracked traditionally. Any deployment before the fix commit is vulnerable.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution via malicious file upload leading to complete system compromise, data theft, or ransomware deployment.

🟠 Likely Case

Unauthorized file upload leading to defacement, data exfiltration, or serving malicious content to users.

🟢 If Mitigated

Limited impact with proper file validation and restricted execution permissions.

🌐 Internet-Facing: HIGH - Attack can be performed remotely without authentication.
🏢 Internal Only: MEDIUM - Still exploitable by internal attackers or compromised accounts.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public GitHub repository contains exploit details. Simple parameter manipulation required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Commit after 392d631a5ef15962a9bddeeb9f1269b9085473fa

Vendor Advisory: Not provided

Restart Required: Yes

Instructions:

  1. Pull the latest code from the repository.
  2. Verify the checked-out commit is newer than 392d631a5ef15962a9bddeeb9f1269b9085473fa.
  3. Rebuild and redeploy the application.
  4. Restart the service.

🔧 Temporary Workarounds

Web Application Firewall Rule (platform: all)

Block requests containing suspicious file extensions or path patterns in the objectName parameter.

File Upload Restriction (platform: linux)

Configure the application server to restrict upload directories and file permissions:

chmod 755 /path/to/uploads
chown www-data:www-data /path/to/uploads

Directory permissions alone do not stop the servlet container from executing an uploaded .jsp, so also keep the upload directory outside the deployed web application's document root and ensure it is not mapped to any servlet that compiles or executes its contents.

🧯 If You Can't Patch

  • Implement strict file type validation at the application layer
  • Deploy WAF with rules blocking suspicious upload patterns
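The two items above describe the application-layer control in the abstract. The following is an added example of such a validation layer written for this advisory; it is not moga-mall's code, and the parameter name objectName, the image-only extension allowlist, the magic-byte table and the upload directory layout are assumptions. The stored file name is generated server-side and the file is written without execute permission, so the client-supplied name never reaches the filesystem.

```python
import os
import re
import secrets
from pathlib import Path

# Assumption: product uploads are images. Adjust to what the application
# really needs, but keep the list an allowlist, never a denylist.
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif"}

# Leading bytes for each allowed type, so the check does not trust the name alone.
MAGIC = {
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}


class UploadRejected(ValueError):
    """Raised for any upload that fails validation."""


def validate_object_name(object_name: str) -> str:
    """Return the lower-cased extension when object_name is acceptable, else raise."""
    if not object_name or len(object_name) > 255:
        raise UploadRejected("empty or oversized name")
    # No path components: separators, NUL bytes and traversal are all refused.
    if "/" in object_name or "\\" in object_name or "\x00" in object_name:
        raise UploadRejected("path characters in name")
    if object_name.startswith("."):
        raise UploadRejected("hidden or traversal-style name")
    # Exactly one extension with a plain basename: 'a.png.jsp' and
    # 'a.jsp.png' are both refused, as is anything with odd characters.
    parts = object_name.split(".")
    if len(parts) != 2 or not re.fullmatch(r"[A-Za-z0-9_-]+", parts[0]):
        raise UploadRejected("name must be <basename>.<ext> with a safe basename")
    ext = parts[1].lower()
    if ext not in ALLOWED_EXTENSIONS:
        raise UploadRejected(f"extension .{ext} not allowed")
    return ext


def validate_content(ext: str, data: bytes) -> None:
    """Require the file header to match the declared (already allowlisted) type."""
    if not any(data.startswith(magic) for magic in MAGIC[ext]):
        raise UploadRejected("content does not match declared type")


def is_acceptable_name(object_name: str) -> bool:
    """Boolean wrapper around validate_object_name for callers that only need a verdict."""
    try:
        validate_object_name(object_name)
        return True
    except UploadRejected:
        return False


def is_acceptable_content(ext: str, data: bytes) -> bool:
    try:
        validate_content(ext, data)
        return True
    except UploadRejected:
        return False


def store_upload(upload_dir: Path, object_name: str, data: bytes) -> Path:
    """Validate name and content, then write under a server-generated name."""
    ext = validate_object_name(object_name)
    validate_content(ext, data)
    upload_dir = upload_dir.resolve()
    target = upload_dir / f"{secrets.token_hex(16)}.{ext}"
    # Belt and braces: the resolved target must still sit directly in upload_dir.
    if target.resolve().parent != upload_dir:
        raise UploadRejected("target escaped upload directory")
    # O_EXCL refuses to overwrite; mode 0o644 means readable, never executable.
    fd = os.open(target, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o644)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return target
```

The upload directory passed to store_upload should live outside the servlet container's document root; the name and content checks stop script files from being accepted, and the server-generated name plus non-executable mode limit the damage if a check is ever bypassed.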

🔍 How to Verify

Check if Vulnerable:

Check if your deployment uses commit 392d631a5ef15962a9bddeeb9f1269b9085473fa or earlier via git log

Check Version:

git log --oneline -1

Verify Fix Applied:

Confirm the current commit is newer than 392d631a5ef15962a9bddeeb9f1269b9085473fa and test the file upload restrictions. Because the advisory does not identify the fixing commit, being newer than that commit is not proof on its own; confirm that the addProduct upload path now rejects file names with executable extensions or path separators.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads to /product/add endpoint
  • Requests with suspicious file extensions in parameters

Network Indicators:

  • POST requests to /product/add with unusual Content-Type or file names

SIEM Query:

source="application.log" AND "addProduct" AND ("objectName" CONTAINS ".jsp" OR "objectName" CONTAINS ".php" OR "objectName" CONTAINS ".exe")
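The SIEM query above is written in pseudo-syntax. As an added example, not taken from moga-mall or any SIEM product, the following script applies the same logic offline to application log lines: it picks out requests to /product/add, inspects the objectName field for executable extensions, double extensions and path traversal, and counts how often each client address trips the rule. The log format, the field layout and the sample lines are all constructed for the example; the extension list keeps the page's .jsp, .php and .exe and adds a few common JVM and web-script variants.

```python
import re
from collections import Counter

# Constructed sample lines in an assumed format (not moga-mall's real log layout):
# <timestamp> <level> <client-ip> <method> <path> [<form-fields>]
SAMPLE_LOG = """\
2024-05-01T10:00:01Z INFO 10.0.0.5 POST /product/add name=Mug objectName=mug.png
2024-05-01T10:00:07Z INFO 198.51.100.9 POST /product/add name=x objectName=cmd.jsp
2024-05-01T10:00:09Z INFO 198.51.100.9 POST /product/add name=x objectName=../../webapps/ROOT/x.jsp
2024-05-01T10:00:12Z INFO 10.0.0.7 POST /product/add name=Cap objectName=cap.jpeg
2024-05-01T10:00:15Z INFO 198.51.100.9 POST /product/add name=x objectName=img.png.php
2024-05-01T10:01:00Z INFO 10.0.0.5 GET /product/list
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ (?P<ip>\S+) (?P<method>\S+) (?P<path>\S+)(?: (?P<fields>.*))?$"
)

# Extensions the page's query looks for, widened with common JVM/web-script variants.
SUSPICIOUS_EXT = {"jsp", "jspx", "jsw", "jsv", "war", "php", "phtml", "exe"}

UPLOAD_PATH = "/product/add"  # endpoint named in the Log Indicators above


def classify_object_name(value: str) -> list[str]:
    """Return the list of reasons a client-supplied objectName looks suspicious."""
    reasons = []
    if "/" in value or "\\" in value or ".." in value:
        reasons.append("path-traversal")
    # Judge extensions on the final path component only, so a traversal
    # prefix does not masquerade as a double extension.
    basename = re.split(r"[/\\]", value)[-1]
    parts = basename.lower().split(".")
    exts = parts[1:] if len(parts) > 1 else []
    if any(ext in SUSPICIOUS_EXT for ext in exts):
        reasons.append("executable-extension")
    if len(exts) > 1:
        reasons.append("double-extension")
    return reasons


def scan_log(text: str) -> list[dict]:
    """Apply the rule to every line and return one finding per suspicious upload."""
    findings = []
    for line in text.splitlines():
        match = LINE_RE.match(line)
        if not match or match["path"] != UPLOAD_PATH:
            continue
        raw_fields = (match["fields"] or "").split()
        fields = dict(kv.split("=", 1) for kv in raw_fields if "=" in kv)
        object_name = fields.get("objectName")
        if object_name is None:
            continue
        reasons = classify_object_name(object_name)
        if reasons:
            findings.append(
                {"ts": match["ts"], "ip": match["ip"],
                 "objectName": object_name, "reasons": reasons}
            )
    return findings


def repeat_offenders(findings: list[dict], threshold: int = 2) -> dict[str, int]:
    """Client addresses with at least `threshold` suspicious upload attempts."""
    counts = Counter(f["ip"] for f in findings)
    return {ip: n for ip, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    hits = scan_log(SAMPLE_LOG)
    for hit in hits:
        print(hit["ts"], hit["ip"], hit["objectName"], ",".join(hit["reasons"]))
    print("repeat offenders:", repeat_offenders(hits))
```

Matching on the basename rather than the whole value keeps the double-extension signal meaningful, and the per-address count turns a handful of single alerts into the burst pattern that a probing client produces.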
