CVE-2025-61930

Exploit

EPSS 0.2%
Veröffentlicht 10.10.2025 20:15:38
Zuletzt bearbeitet 20.10.2025 16:47:37
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Emlog Pro has CSRF issue that Enables Admin Password Reset

Emlog is an open source website building system. Emlog Pro versions 2.5.19 and earlier are vulnerable to Cross‑Site Request Forgery (CSRF) on the password change endpoint. An attacker can trick a logged‑in administrator into submitting a crafted POST request to change the admin password without consent. Impact is account takeover of privileged users. Severity: High. As of time of publication, no known patched versions exist.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Emlog ≫ Emlog SwEditionpro Version <= 2.5.19

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.2%	0.095

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
security-advisories@github.com	8.1	2.8	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

https://github.com/emlog/emlog/security/advisories/GHSA-m2qw-9wjx-qxm2

Vendor Advisory

Exploit

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2025-61930

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-61930

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-61930

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-61930