CVE-2025-31103
Published: 31 March 2025
Description
Adversaries may backdoor web servers with web shells to establish persistent access to systems.
Security Summary
CVE-2025-31103, published on 2025-03-31, is an untrusted data deserialization vulnerability in a-blog CMS, classified under CWE-502. The flaw allows processing of a specially crafted request to store arbitrary files on the server where the product is running. This can be leveraged to execute arbitrary scripts on the server, earning a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).
Unauthenticated attackers can exploit the vulnerability remotely over the network with low attack complexity and no user interaction required. Successful exploitation enables arbitrary file storage and subsequent script execution on the server, resulting in high integrity impact without affecting confidentiality or availability.
Vendor advisories at https://developer.a-blogcms.jp/blog/news/entry-4197.html and https://developer.a-blogcms.jp/blog/news/security-update202503.html, along with JVN details at https://jvn.jp/en/jp/JVN66982699/, provide information on security updates and mitigation steps.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The unauthenticated remote deserialization flaw in public-facing a-blog CMS directly enables exploitation of the web application (T1190) and deployment of arbitrary scripts/files for server-side execution (T1505.003).