CVE-2025-31932 HIGH

CVE-2025-31932

Vendor Open, Inc.

Product BizRobo!

Weakness CWE-502 · Unsafe deserialization

Published April 11, 2025

Last update April 11, 2025

View on NVD All CVEs

CVSS base score

8.8/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Deserialization of untrusted data issue exists in BizRobo! all versions. If this vulnerability is exploited, an arbitrary code is executed on the Management Console. The vendor provides the workaround information and recommends to apply it to the deployment environment.

Key dates

02Disclosure timeline

April 11, 2025 CVE published

April 11, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-31932

Related vulnerabilities

04Related CVE

CVE-2025-14071 Live Composer – Free WordPress Website Builder <= 2.0.2 - Authenticated (Contributor+) PHP Object Injection via dslc_module_posts_output Shortcode CVE-2023-52225 WordPress Taggbox Plugin <= 3.1 is vulnerable to PHP Object Injection CVE-2026-12787 zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 testConnection Endpoint deserialization CVE-2026-40473 Apache Camel Mina: Unsafe Deserialization in MinaConverter.toObjectInput() via TCP/UDP CVE-2023-7334 Changjetong T+ <= 16.x GetStoreWarehouseByStore Deserialization RCE