CVE-2025-62717

EPSS 0.36%
Veröffentlicht 24.10.2025 20:13:47
Zuletzt bearbeitet 28.10.2025 14:15:50
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Emlog Pro session verification code error due to clearing logic error

Emlog is an open source website building system. In version 2.5.23, Emlog Pro is vulnerable to a session verification code error due to a clearing logic error. This means the verification code could be reused anywhere an email verification code is required. This issue has been fixed in commit 1f726df.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Emlog ≫ Emlog Version2.5.23 SwEditionpro

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.36%	0.28

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.1	3.9	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
security-advisories@github.com	2.7	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://github.com/emlog/emlog/security/advisories/GHSA-wwj4-ppfj-hcm6

Vendor Advisory

https://github.com/emlog/emlog/commit/1f726df0ce56a1bc6e8225dd95389974173bd0c0

Patch

https://nvd.nist.gov/vuln/detail/CVE-2025-62717

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-62717

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-62717

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-62717