CVE-2025-41429 · CRITICAL 9.8 · EPSS p27.7%

Description

Multiple versions of a-blog cms improperly neutralize output written to logs. If this vulnerability is exploited in combination with CVE-2025-36560, a remote unauthenticated attacker may hijack a legitimate user's session.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.36% probability of exploitation · percentile 27.7% · 2026-06-19T12:03:05Z
Published: 2025-05-19
Last modified: 2025-09-30

Underlying weaknesses · 1

CWE-117

References

  1. https://developer.a-blogcms.jp/blog/news/JVNVU-90760614.html
  2. https://jvn.jp/en/vu/JVNVU90760614/

Type | Target | Confidence | Tier
Weakness | Improper Output Neutralization for Logs (cwe-117) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2025-54761
CVE-2025-36728
CVE-2025-28866
CVE-2025-14472
CVE-2025-31681
CVE-2025-61930

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.