Description

Path traversal vulnerability exists in a-blog cms versions prior to Ver. 3.1.43 and versions prior to Ver. 3.0.47. This is an issue with insufficient path validation in the backup feature, and exploitation requires the administrator privilege. If this vulnerability is exploited, a remote authenticated attacker with the administrator privilege may obtain or delete any file on the server.

INFO

Published Date :

2025-05-19T08:09:26.427Z

Last Modified :

2025-05-19T14:42:50.286Z

Source :

jpcert
AFFECTED PRODUCTS

The following products are affected by CVE-2025-27566 vulnerability.

Vendors Products
Appleple
  • A-blog Cms
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-27566.

URL Resource
https://developer.a-blogcms.jp/blog/news/JVNVU-90760614.html cve-icon cve-icon
https://jvn.jp/en/vu/JVNVU90760614/ cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact