CVE-2025-61318

CRITICAL

Emlog Pro 2.5.20 - Path Traversal

Title source: llm

Description

Emlog Pro 2.5.20 has an arbitrary file deletion vulnerability. This vulnerability stems from the admin/template.php component and the admin/plugin.php component. They fail to perform path verification and dangerous code filtering for deletion parameters, allowing attackers to exploit this feature for directory traversal.

References (1)

[Exploit, Third Party Advisory] https://github.com/AndyNull/em/blob/main/emlog%20pro%20-%20del%20vuln.md

View Exploit ZIP pw:eip

Scores

CVSS v3 9.1

EPSS 0.0131

EPSS Percentile 79.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Classification

CWE

CWE-24

Status published

Affected Products (1)

emlog/emlog

Timeline

Published Dec 08, 2025

Tracked Since Feb 18, 2026