CVE-2025-53925
BaseFortify
Publication date: 2025-07-16
Last updated on: 2025-08-14
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Affected versions |
|---|---|---|
| emlog | emlog | up to and including 2.5.17 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?
This is a stored cross-site scripting (XSS, CWE-79) flaw in Emlog up to and including version pro-2.5.17. A remote attacker who holds an authenticated account uses the file upload feature to store an .svg file containing JavaScript, for example a script element, an event-handler attribute such as onload, or a javascript: href. An SVG file is an XML document: when the stored file is later opened directly in a browser it is rendered as a page in the blog's origin, so the embedded script runs with the visiting user's session. An SVG referenced through an img tag does not execute script, which is why the attack relies on a victim navigating to the upload's URL.
How can this vulnerability impact me?
An attacker with a low-privileged account can plant script that executes in the blog's origin for any user who opens the uploaded file, including an administrator. Because the script runs with the victim's session, it can perform actions as that user, read data the user can see, steal session material, or deface the site, compromising the integrity and confidentiality of the affected installation.
What immediate steps should I take to mitigate this vulnerability?
This page lists no fixed version, so mitigation relies on configuration and server-side controls. Restrict file uploads to trusted accounts and enforce an allow-list of file types that excludes .svg, checking the file's content rather than only its extension. If SVG uploads are required, reject or sanitize files that contain script elements, on* event attributes, javascript: URLs, foreignObject, or a DOCTYPE declaration. Serve stored uploads with Content-Disposition: attachment, X-Content-Type-Options: nosniff, and a Content-Security-Policy: sandbox header, or host them on a separate origin, so that a file which slips through cannot run script with the blog's cookies. Finally, review existing uploads for .svg files and monitor the upload endpoint for suspicious activity.
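The two server-side controls described above, as an added example that is not emlog's code and does not come from this advisory: a check that refuses SVG uploads carrying script-capable content (script, foreignObject and similar elements, on* attributes, javascript: hrefs including whitespace-obfuscated ones, animate/set targeting href, and any DOCTYPE), and a helper that builds the response headers for serving a stored upload. The function names, the SAMPLES inputs and the choice of which constructs to flag are this example's own assumptions; the samples are constructed for the demonstration, not taken from a real exploit.

```python
"""Server-side controls for an SVG upload XSS such as CVE-2025-53925.
Constructed example; not emlog code. Names are illustrative choices."""
from __future__ import annotations

import re
import xml.etree.ElementTree as ET

# Elements that run script or embed HTML when the SVG is opened as a document.
ACTIVE_ELEMENTS = {"script", "foreignobject", "iframe", "embed", "object"}


def _local(name: str) -> str:
    """Strip the '{namespace}' prefix ElementTree puts on tag/attribute names
    (xlink:href arrives as '{http://www.w3.org/1999/xlink}href')."""
    return name.rsplit("}", 1)[-1].lower()


def _is_javascript_url(value: str) -> bool:
    """Browsers drop leading whitespace and tab/newline inside the scheme,
    so 'java\\tscript:' must be treated as javascript: as well."""
    cleaned = re.sub(r"[\x00-\x20]", "", value).lower()
    return cleaned.startswith("javascript:")


def svg_active_content(data: bytes) -> list[str]:
    """Return findings that make the SVG unsafe to serve inline; [] means clean.
    Raises ValueError when the input is not well-formed XML."""
    if re.search(rb"<!DOCTYPE", data[:4096], re.IGNORECASE):
        # An image never needs entity declarations; refuse before the parser
        # gets a chance to expand them (entity-expansion DoS, external entities).
        return ["doctype declaration"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        raise ValueError(f"not well-formed XML: {exc}") from None
    findings: list[str] = []
    for el in root.iter():
        tag = _local(el.tag)
        if tag in ACTIVE_ELEMENTS:
            findings.append(f"<{tag}> element")
        for attr, value in el.attrib.items():
            name = _local(attr)
            if name.startswith("on"):
                findings.append(f"event handler {name} on <{tag}>")
            elif name == "href" and _is_javascript_url(value):
                findings.append(f"javascript: URL in href on <{tag}>")
        # <animate>/<set> can rewrite an href to a javascript: URL after load.
        target = el.get("attributeName", "").lower().split(":")[-1]
        if tag in ("animate", "set") and target == "href":
            findings.append(f"<{tag}> targeting href")
    return findings


def upload_response_headers(content_type: str, inline: bool = False) -> dict[str, str]:
    """Headers for serving a stored upload. inline=False makes the browser
    download the file instead of rendering it. inline=True (an image a theme
    references) keeps the CSP sandbox, which gives any script an opaque origin
    so it cannot reach the blog's cookies or DOM."""
    headers = {
        "Content-Type": content_type,
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "sandbox",
    }
    if not inline:
        headers["Content-Disposition"] = "attachment"
    return headers


# Constructed inputs for the demonstration (not taken from any real exploit).
SAMPLES = {
    "script": b'<svg xmlns="http://www.w3.org/2000/svg"><script>alert(document.domain)</script></svg>',
    "onload": b'<svg xmlns="http://www.w3.org/2000/svg" onload="alert(1)"/>',
    "href": (b'<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">'
             b'<a xlink:href="java&#9;script:alert(1)"><text y="10">x</text></a></svg>'),
    "animate": (b'<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">'
                b'<a xlink:href="#"><animate attributeName="xlink:href" values="javascript:alert(1)"/>'
                b'<text y="10">x</text></a></svg>'),
    "doctype": b'<?xml version="1.0"?><!DOCTYPE svg [<!ENTITY e "x">]><svg xmlns="http://www.w3.org/2000/svg"/>',
    "clean": b'<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10"><circle cx="5" cy="5" r="4" fill="red"/></svg>',
}

if __name__ == "__main__":
    for name, svg in SAMPLES.items():
        print(f"{name:8} -> {svg_active_content(svg) or 'clean'}")
```

The check is deliberately an allow-nothing-active filter rather than a full sanitizer: it rejects files instead of trying to rewrite them, which avoids the parser-differential mistakes that sanitizers make. The header helper is the second layer and is the one that still protects you for uploads accepted before the check was deployed.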