### Key Information - **Vulnerability ID**: JVN#66982699 - **Vulnerability Type**: Untrusted Data Deserialization (CWE-502) - **Affected Products**: - a-blog cms versions prior to Ver.3.1.37 (Ver.3.1.x series) - a-blog cms versions prior to Ver.3.0.41 (Ver.3.0.x series) - a-blog cms versions prior to Ver.2.11.70 (Ver.2.11.x series) - a-blog cms versions prior to Ver.2.10.58 (Ver.2.10.x series) - a-blog cms versions prior to Ver.2.9.46 (Ver.2.9.x series) - a-blog cms versions prior to Ver.2.8.80 (Ver.2.8.x series) - a-blog cms Ver.2.7 and earlier versions (unsupported) - **Impact**: - Processing a specially crafted request may store arbitrary files on the server. - This can be leveraged to execute an arbitrary script on the server. - **Solution**: - **Update Software**: Update to the latest version. - **Apply Workaround**: Apply the workaround until the software is updated. - **CVSS v3 Base Score**: 7.5 - **CVE ID**: CVE-2025-31103 - **JVN iPedal ID**: JVNDDB-2025-000024 - **Release Date**: 2025/03/28 - **Last Updated**: 2025/03/28