Emlog is an open source website building system. Emlog Pro versions 2.5.19 and earlier are vulnerable to Cross‑Site Request Forgery (CSRF) on the password change endpoint. An attacker can trick a logged‑in administrator into submitting a crafted POST request to change the admin password without consent. Impact is account takeover of privileged users. Severity: High. As of time of publication, no known patched versions exist.
References
Configurations
No configuration.
History
10 Oct 2025, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-10-10 20:15
Updated : 2025-10-14 19:36
NVD link : CVE-2025-61930
Mitre link : CVE-2025-61930
CVE.ORG link : CVE-2025-61930
JSON object : View
Products Affected
No product.
CWE
CWE-352
Cross-Site Request Forgery (CSRF)