JVNVU#90760614
Multiple vulnerabilities in a-blog cms
Overview
a-blog cms provided by appleple inc. contains multiple vulnerabilities.
Products Affected
CVE-2025-27566, CVE-2025-32999
- a-blog cms versions prior to Ver. 3.1.43 (Ver. 3.1.x series)
- a-blog cms versions prior to Ver. 3.0.47 (Ver. 3.0.x series)
CVE-2025-36560, CVE-2025-41429
- a-blog cms Ver. 3.1.43 and earlier (Ver. 3.1.x series)
- a-blog cms Ver. 3.0.47 and earlier (Ver. 3.0.x series)
- a-blog cms Ver. 2.11.75 and earlier (Ver. 2.11.x series)
- a-blog cms Ver. 2.10.63 and earlier (Ver. 2.10.x series)
- a-blog cms Ver. 2.9.52 and earlier (Ver. 2.9.x series)
- a-blog cms Ver. 2.8.85 and earlier (Ver. 2.8.x series)
For information about the maintenance policy, please refer to the "Maintenance Policy (Text in Japanese)" provided by the developer.
Description
a-blog cms provided by appleple inc. contains multiple vulnerabilities listed below.
- Path traversal (CWE-22)
  - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N Base Score 5.1
  - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N Base Score 3.8
  - CVE-2025-27566
  - This is an issue with insufficient path validation in the backup feature, and exploitation requires the administrator privilege.
- Cross-site scripting (CWE-79)
  - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N Base Score 4.0
  - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Base Score 5.4
  - CVE-2025-32999
  - This issue exists in a specific field in the entry editing screen, and exploitation requires contributor or higher level privileges.
- Server-side request forgery (CWE-918)
  - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N Base Score 9.2
  - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N Base Score 8.6
  - CVE-2025-36560
- Improper output neutralization for logs (CWE-117)
  - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N Base Score 2.1
  - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N Base Score 4.8
  - CVE-2025-41429
Impact
- Any files on the server may be retrieved or deleted (CVE-2025-27566)
- An arbitrary script may be executed on the web browser of a user who is logged in to the product (CVE-2025-32999)
- Processing a specially crafted request may allow access to sensitive information (CVE-2025-36560)
- The combination of these vulnerabilities may allow an attacker to hijack a legitimate user's session (CVE-2025-36560, CVE-2025-41429)
Solution
Update the Software
Update the software to the latest version according to the information provided by the developer.
Apply the workaround
The developer has also provided a workaround for CVE-2025-36560 and CVE-2025-41429.
For more information, refer to the information provided by the developer.
Vendor Status
| Vendor | Status | Last Update | Vendor Notes |
|---|---|---|---|
| appleple inc. | Vulnerable | 2025/05/14 | appleple inc. website |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
CVE-2025-27566, CVE-2025-32999
haidv35 (Dinh Viet Hai) reported these vulnerabilities to the developer and coordinated. After the coordination was completed, haidv35 (Dinh Viet Hai) reported the case to JPCERT/CC to notify users of the solution through JVN.
CVE-2025-36560, CVE-2025-41429
vcth4nh from VCSLab of Viettel Cyber Security (Vu Chi Thanh) reported these vulnerabilities to JPCERT/CC. JPCERT/CC coordinated with the developer.
Other Information
CVE
- CVE-2025-27566
- CVE-2025-32999
- CVE-2025-36560
- CVE-2025-41429