cbcvebase.
CVE-2025-31103
published 2025-03-31

CVE-2025-31103: Untrusted data deserialization vulnerability exists in a-blog cms. Processing a specially crafted request may store arbitrary files on the server where the…

PriorityP279high7.5CVSS 3.1
AVNACLPRNUINSUCNIHAN
ITWVulnCheck KEV
Exploited in the wild
EPSS
0.46%
36.3th percentile
Untrusted data deserialization vulnerability exists in a-blog cms. Processing a specially crafted request may store arbitrary files on the server where the product is running. This can be leveraged to execute an arbitrary script on the server.

Affected

12 ranges
VendorProductVersion rangeFixed in
appleplea-blog_cms<= 2.8.80
appleplea-blog_cms>= 2.10.0 < 2.10.582.10.58
appleplea-blog_cms>= 2.11.0 < 2.11.702.11.70
appleplea-blog_cms2.9.0 – 2.9.46
appleplea-blog_cms>= 3.0.0 < 3.0.413.0.41
appleplea-blog_cms>= 3.1.0 < 3.1.373.1.37
appleple_inca-blog_cms
appleple_inca-blog_cms
appleple_inca-blog_cms
appleple_inca-blog_cms
appleple_inca-blog_cms
appleple_inca-blog_cms

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
vulncheck7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.