CVE-2025-27566: Path traversal vulnerability exists in a-blog cms versions prior to Ver. 3.1.43 and versions prior to Ver. 3.0.47. This is an issue with...

3.8 CVSS

Description

Path traversal vulnerability exists in a-blog cms versions prior to Ver. 3.1.43 and versions prior to Ver. 3.0.47. This is an issue with insufficient path validation in the backup feature, and exploitation requires the administrator privilege. If this vulnerability is exploited, a remote authenticated attacker with the administrator privilege may obtain or delete any file on the server.

Classification

CVE ID: CVE-2025-27566

CVSS Base Severity: LOW

CVSS Base Score: 3.8

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

Problem Types

Improper limitation of a pathname to a restricted directory ('Path Traversal')

Affected Products

Vendor: appleple inc.

Product: a-blog cms

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 14.98% (scored less or equal to compared to others)

EPSS Date: 2025-06-06 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-27566
https://developer.a-blogcms.jp/blog/news/JVNVU-90760614.html
https://jvn.jp/en/vu/JVNVU90760614/

Timeline

2025-05-19 09:40:19 UTC
CVE

Path traversal vulnerability exists in a-blog cms versions prior to Ver. 3.1.43 and versions prior to Ver. 3.0.47. This is an issue with...