CVE-2025-31932: A deserialization of untrusted data issue exists in all versions of BizRobo!. If this vulnerability is exploited, arbitrary code is executed on the...

8.8 CVSS

Description

A deserialization of untrusted data issue exists in all versions of BizRobo!. If this vulnerability is exploited, arbitrary code is executed on the Management Console.
The vendor provides workaround information and recommends applying it to the deployment environment.

Classification

CVE ID: CVE-2025-31932

CVSS Base Severity: HIGH

CVSS Base Score: 8.8

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem Types

Deserialization of untrusted data

Affected Products

Vendor: OPEN, Inc.

Product: BizRobo!

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.06% (probability of being exploited)

EPSS Percentile: 19.93% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-04-20 (date this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-31932
https://knowledge.bizrobo.com/hc/ja/articles/39951710517145
https://knowledge.bizrobo.com/hc/ja/articles/39952052043289
https://knowledge.bizrobo.com/hc/ja/articles/39953373809305
https://knowledge.bizrobo.com/hc/ja/articles/360029772271
https://jvn.jp/en/jp/JVN30641875/

Timeline