A vulnerability marked as critical has been reported in xuhuisheng lemon up to 1.13.0. This affects the function
uploadImage
of the file CmsArticleController.java of the component com.mossle.cms.web.CmsArticleController.uploadImage. This manipulation of the argument Upload causes unrestricted upload.
This vulnerability is handled as CVE-2025-9406. The attack can be initiated remotely. Additionally, an exploit exists.