
Description

Multiple versions of a-blog cms improperly neutralize output for logs. If this vulnerability is exploited together with CVE-2025-36560, a remote unauthenticated attacker may hijack a legitimate user's session.

PUBLISHED Reserved 2025-05-12 | Published 2025-05-19 | Updated 2025-05-19 | Assigner jpcert




MEDIUM: 4.8 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)

LOW: 2.1 (CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N)

Problem types

Improper output neutralization for logs

Product status

Ver. 2.8.85 and earlier (Ver. 2.8.x series): affected

Ver. 3.1.43 and earlier (Ver. 3.1.x series): affected

Ver. 3.0.47 and earlier (Ver. 3.0.x series): affected

Ver. 2.11.75 and earlier (Ver. 2.11.x series): affected

Ver. 2.10.63 and earlier (Ver. 2.10.x series): affected

Ver. 2.9.52 and earlier (Ver. 2.9.x series): affected

References

developer.a-blogcms.jp/blog/news/JVNVU-90760614.html

jvn.jp/en/vu/JVNVU90760614/

cve.org (CVE-2025-41429)

nvd.nist.gov (CVE-2025-41429)
