Emlog Pro has CSRF issue that Enables Admin Password Reset

8.1 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Description

Emlog is an open source website building system. Emlog Pro versions 2.5.19 and earlier are vulnerable to Cross‑Site Request Forgery (CSRF) on the password change endpoint. An attacker can trick a logged‑in administrator into submitting a crafted POST request to change the admin password without consent. Impact is account takeover of privileged users. Severity: High. As of time of publication, no known patched versions exist.

Basic Information

ID CVE-2025-61930

Source GitHub_M

Published Oct 10, 2025 at 20:01

Modified Oct 10, 2025 at 20:44

Affected Product

Vendor emlog

Product emlog

Version <= pro-2.5.19

Affected Versions emlog emlog <= pro-2.5.19

CWE Classification

CWE-352

References

github.com /emlog/emlog/security/advisories/GHSA-m2qw-9wjx-qxm2

{
    "lastseen": "",
    "description": "Emlog is an open source website building system. Emlog Pro versions 2.5.19 and earlier are vulnerable to Cross\u2011Site Request Forgery (CSRF) on the password change endpoint. An attacker can trick a logged\u2011in administrator into submitting a crafted POST request to change the admin password without consent. Impact is account takeover of privileged users. Severity: High. As of time of publication, no known patched versions exist.",
    "published": "2025-10-10T20:01:42.182Z",
    "modified": "2025-10-10T20:44:48.803Z",
    "type": "cve",
    "title": "Emlog Pro has CSRF issue that Enables Admin Password Reset",
    "source": "GitHub_M",
    "references": "https://github.com/emlog/emlog/security/advisories/GHSA-m2qw-9wjx-qxm2",
    "id": "CVE-2025-61930",
    "bulletinFamily": "",
    "cwe": [
        "CWE-352"
    ],
    "cvelist": null,
    "sourceData": "emlog emlog <= pro-2.5.19",
    "sourceHref": "",
    "cvss": {
        "score": 8.1,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "emlog",
    "version": "<= pro-2.5.19",
    "vendor": "emlog",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Emlog Pro has CSRF issue that Enables Admin Password Reset_CVE-2025-61930