CVE-2025-31103 HIGH

CVE-2025-31103

Vendor Appleple Inc.

Product a-blog cms (Ver.3.1.x series)

Weakness CWE-502 · Unsafe deserialization

Published March 31, 2025

Last update March 31, 2025

View on NVD All CVEs

CVSS base score

7.5/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality None

Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

What the vulnerability does

01Description

Untrusted data deserialization vulnerability exists in a-blog cms. Processing a specially crafted request may store arbitrary files on the server where the product is running. This can be leveraged to execute an arbitrary script on the server.

Key dates

02Disclosure timeline

March 31, 2025 CVE published

March 31, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-31103 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/502.html

Related vulnerabilities

Identifiers

CVE CVE-2025-31103

CWE CWE-502

CVSS 7.5 / HIGH

Affected versions

Vendor Appleple Inc.

Product a-blog cms (Ver.3.1.x series)

Affected prior to Ver.3.1.37

Vendor Appleple Inc.

Product a-blog cms (Ver.3.0.x series)

Affected prior to Ver.3.0.41

Vendor Appleple Inc.

Product a-blog cms (Ver.2.11.x series)

Affected prior to Ver.2.11.70

Vendor Appleple Inc.

Product a-blog cms (Ver.2.10.x series)

Affected prior to Ver.2.10.58

Vendor Appleple Inc.

Product a-blog cms (Ver.2.9.x series)

Affected prior to Ver.2.9.46

Vendor Appleple Inc.

Product a-blog cms (Ver. 2.8.x series)

Affected prior to Ver.2.8.80

CVE-2025-31103

01Description

02Disclosure timeline

03References

04Related CVE