CVE-2025-61930

HIGH

Emlog < 2.5.19 - CSRF

Title source: rule

Description

Emlog is an open source website building system. Emlog Pro versions 2.5.19 and earlier are vulnerable to Cross‑Site Request Forgery (CSRF) on the password change endpoint. An attacker can trick a logged‑in administrator into submitting a crafted POST request to change the admin password without consent. Impact is account takeover of privileged users. Severity: High. As of time of publication, no known patched versions exist.

References (1)

[Exploit, Mitigation, Vendor Advisory] https://github.com/emlog/emlog/security/advisories/GHSA-m2qw-9wjx-qxm2

Scores

CVSS v3 8.1

EPSS 0.0002

EPSS Percentile 5.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Classification

CWE

CWE-352

Status published

Affected Products (1)

emlog/emlog < 2.5.19

Timeline

Published Oct 10, 2025

Tracked Since Feb 18, 2026