CVE-2025-36560
Severity CVSS v4.0:
CRITICAL
Type:
CWE-918
Server-Side Request Forgery (SSRF)
Publication date:
19/05/2025
Last modified:
30/09/2025
Description
Server-side request forgery vulnerability exists in a-blog cms multiple versions. If this vulnerability is exploited, a remote unauthenticated attacker may gain access to sensitive information by sending a specially crafted request.
Impact
Base Score 4.0
9.20
Severity 4.0
CRITICAL
Base Score 3.x
8.60
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:* | 2.8.0 (including) | 2.8.85 (including) |
| cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:* | 2.9.0 (including) | 2.9.52 (including) |
| cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:* | 2.10.0 (including) | 2.10.63 (including) |
| cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:* | 2.11.0 (including) | 2.11.75 (including) |
| cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:* | 3.0.0 (including) | 3.0.47 (including) |
| cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:* | 3.1.0 (including) | 3.1.43 (including) |
To consult the complete list of CPE names with products and versions, see this page