CVE-2025-60355
9.8CRITICALzhangyd-c OneBlog before 2.3.9 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates.
Published: 10/28/2025Updated: 1/8/2026
Description
zhangyd-c OneBlog before 2.3.9 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates.
AI AnalysisPowered by AI
Affected Products
zhydoneblog
References
- https://github.com/line2222/vuln/issues/4ExploitIssue TrackingThird Party Advisory