CVE-2025-31103
Published 2025-03-31
Priority: P2 · 79 · high
CVSS 3.1: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
ITW · VulnCheck KEV
Exploited in the wild
EPSS: 0.46% (36.3th percentile)
Untrusted data deserialization vulnerability exists in a-blog cms. Processing a specially crafted request may store arbitrary files on the server where the product is running. This can be leveraged to execute an arbitrary script on the server.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| appleple | a-blog_cms | <= 2.8.80 | — |
| appleple | a-blog_cms | >= 2.10.0 < 2.10.58 | 2.10.58 |
| appleple | a-blog_cms | >= 2.11.0 < 2.11.70 | 2.11.70 |
| appleple | a-blog_cms | 2.9.0 – 2.9.46 | — |
| appleple | a-blog_cms | >= 3.0.0 < 3.0.41 | 3.0.41 |
| appleple | a-blog_cms | >= 3.1.0 < 3.1.37 | 3.1.37 |
| appleple_inc | a-blog_cms | — | — |
| appleple_inc | a-blog_cms | — | — |
| appleple_inc | a-blog_cms | — | — |
| appleple_inc | a-blog_cms | — | — |
| appleple_inc | a-blog_cms | — | — |
| appleple_inc | a-blog_cms | — | — |
CVSS provenance
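| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
| vulncheck | — | 7.5 | HIGH | — |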
GHSA
GHSA-hhgp-h65v-gf93: Untrusted data deserialization vulnerability exists in a-blog cms
ghsa_unreviewed·2025-03-31
CVE-2025-31103 [HIGH] CWE-502 GHSA-hhgp-h65v-gf93: Untrusted data deserialization vulnerability exists in a-blog cms
Untrusted data deserialization vulnerability exists in a-blog cms. Processing a specially crafted request may store arbitrary files on the server where the product is running. This can be leveraged to execute an arbitrary script on the server.
VulnCheck
A-blog CMS Untrusted Data Deserialization
vulncheck·2025·CVSS 7.5
CVE-2025-31103 [HIGH] A-blog CMS Untrusted Data Deserialization
A-blog CMS contains an untrusted data deserialization vulnerability that, if successfully exploited, can be leveraged to execute an arbitrary script on the server.
Affected: Appleple Inc. a-blog cms
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://jvn.jp/en/jp/JVN66982699/index.html; https://www.loginsoft.com/reports/annually/vulnerability-intelligence-report-2025
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.