{"cve":{"cve_id":"CVE-2025-27566","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.00443,"epss_percentile":0.35277,"epss_as_of":"2026-06-23","description":"Path traversal vulnerability exists in a-blog cms versions prior to Ver. 3.1.43 and versions prior to Ver. 3.0.47. This is an issue with insufficient path validation in the backup feature, and exploitation requires the administrator privilege. If this vulnerability is exploited, a remote authenticated attacker with the administrator privilege may obtain or delete any file on the server.","published_at":"2025-05-19T08:09:26.427000Z","last_modified_at":null,"cvss_v3_score":3.8,"cvss_v3_vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N","cvss_v3_severity":"LOW","cvss_v4_score":5.1,"cvss_v4_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N","cvss_v4_severity":"MEDIUM","ssvc_decision":null,"ssvc_exploitation":null,"ssvc_automatable":null,"ssvc_technical_impact":null,"cwes":["CWE-22"],"nvd_references":["https://developer.a-blogcms.jp/blog/news/JVNVU-90760614.html","https://jvn.jp/en/vu/JVNVU90760614/"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-28T23:26:09.014844Z"},"effective_severity":"MEDIUM","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"H","value_label":"High"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"S","name":"Scope","value":"U","value_label":"Unchanged"},{"metric":"C","name":"Confidentiality","value":"L","value_label":"Low"},{"metric":"I","name":"Integrity","value":"L","value_label":"Low"},{"metric":"A","name":"Availability","value":"N","value_label":"None"}]},"cvss_v4_decoded":{"version":"4.0","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"AT","name":"Attack Requirements","value":"N","value_label":"None"},{"metric":"PR","name":"Privileges Required","value":"H","value_label":"High"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"VC","name":"Confidentiality (Vulnerable System)","value":"L","value_label":"Low"},{"metric":"VI","name":"Integrity (Vulnerable System)","value":"L","value_label":"Low"},{"metric":"VA","name":"Availability (Vulnerable System)","value":"N","value_label":"None"},{"metric":"SC","name":"Confidentiality (Subsequent System)","value":"N","value_label":"None"},{"metric":"SI","name":"Integrity (Subsequent System)","value":"N","value_label":"None"},{"metric":"SA","name":"Availability (Subsequent System)","value":"N","value_label":"None"}]},"affected":[{"vendor_slug":"appleple-inc.","vendor_name":"appleple inc.","product_slug":"a-blog-cms","product_name":"a-blog cms","version_start":"prior to Ver. 3.1.43 (Ver. 3.1.x series)","version_start_inclusive":true,"version_end":"prior to Ver. 3.1.43 (Ver. 3.1.x series)","version_end_inclusive":true,"cpe23_uri":"cve5:appleple-inc.:a-blog-cms:prior to Ver. 3.1.43 (Ver. 3.1.x series):prior to Ver. 3.1.43 (Ver. 3.1.x series)"},{"vendor_slug":"appleple-inc.","vendor_name":"appleple inc.","product_slug":"a-blog-cms","product_name":"a-blog cms","version_start":"prior to Ver. 3.0.47 (Ver. 3.0.x series)","version_start_inclusive":true,"version_end":"prior to Ver. 3.0.47 (Ver. 3.0.x series)","version_end_inclusive":true,"cpe23_uri":"cve5:appleple-inc.:a-blog-cms:prior to Ver. 3.0.47 (Ver. 3.0.x series):prior to Ver. 3.0.47 (Ver. 3.0.x series)"}],"exploit_refs":[],"news":[],"references":[{"url":"https://developer.a-blogcms.jp/blog/news/JVNVU-90760614.html","source_type":"MISC","tags":[]},{"url":"https://jvn.jp/en/vu/JVNVU90760614/","source_type":"MISC","tags":[]}],"timeline":[{"type":"published","at":"2025-05-19T08:09:26.427000Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-28T17:44:19.897881Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:44:19.897881Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:44:19.897881Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:44:19.897881Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:44:19.897881Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:44:19.897881Z","label":"CVSS score revised","source":"cvelistv5"}]}