← Back

CVE-2025-61930

nvd nist
Published: Oct 10, 2025Modified: Oct 20, 2025

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

Emlog is an open source website building system. Emlog Pro versions 2.5.19 and earlier are vulnerable to Cross‑Site Request Forgery (CSRF) on the password change endpoint. An attacker can trick a logged‑in administrator into submitting a crafted POST request to change the admin password without consent. Impact is account takeover of privileged users. Severity: High. As of time of publication, no known patched versions exist.

Affected (1)

Products: Emlog: Emlog
Emlog
1 product
Emlog
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Emlog
Up to 2.5.19

Related CWEs

CWE-352
Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (1)

Source: security-advisories@github.com
ExploitMitigationVendor Advisory

Timeline

No history available yet.