CVE-2025-31103

Summary

Untrusted data deserialization vulnerability exists in a-blog cms. Processing a specially crafted request may store arbitrary files on the server where the product is running. This can be leveraged to execute an arbitrary script on the server.

Affected Software

VendorProductVersion RangeStatus
appleple inc.a-blog cms (Ver.3.1.x series)prior to Ver.3.1.37affected
appleple inc.a-blog cms (Ver.3.0.x series)prior to Ver.3.0.41affected
appleple inc.a-blog cms (Ver.2.11.x series)prior to Ver.2.11.70affected
appleple inc.a-blog cms (Ver.2.10.x series)prior to Ver.2.10.58affected
appleple inc.a-blog cms (Ver.2.9.x series)prior to Ver.2.9.46affected
appleple inc.a-blog cms (Ver. 2.8.x series)prior to Ver.2.8.80affected

Weaknesses

  • CWE-502: Deserialization of untrusted data

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References