CVE-2025-61769
BaseFortify
Publication date: 2025-10-06
Last updated on: 2025-10-09
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| emlog | emlog | to 2.5.22 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-61769 is a stored Cross-Site Scripting (XSS) vulnerability in the file upload functionality of emlog versions up to and including 2.5.22. Authenticated users can upload specially crafted .svg files containing embedded JavaScript code. When these files are accessed, the malicious script executes in the context of other users, potentially allowing attackers to run arbitrary web scripts or HTML. This happens because the application does not properly sanitize or neutralize special characters in uploaded SVG files. [1]
How can this vulnerability impact me? :
This vulnerability can allow authenticated attackers to inject and execute malicious scripts in the context of other users who access the uploaded SVG files. This can lead to session hijacking, defacement, or other malicious actions performed on behalf of legitimate users. Although the CVSS score is low and there is no direct impact on confidentiality, integrity, or availability, it can still be used to trick users or escalate attacks within the application. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for HTTP POST requests to the endpoint `/admin/media.php?action=upload&sid=0` containing multipart/form-data uploads of .svg files. Specifically, look for .svg files that may contain embedded JavaScript code. A possible detection method is to inspect uploaded SVG files for suspicious script tags or JavaScript content. For example, you can use commands like `grep -r '<script' /path/to/uploaded/svg/files` on the server to find SVG files containing script tags. Additionally, network monitoring tools can be configured to alert on POST requests to the vulnerable upload endpoint with .svg file uploads. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting or disabling the upload of .svg files until a patch or fix is available. Ensure that only trusted users have authenticated access to the upload functionality. Additionally, sanitize or validate uploaded SVG files to remove any embedded scripts before allowing them to be stored or served. Monitoring and reviewing uploaded files for malicious content is also recommended. Applying any available patches or updates from the vendor once released is essential. [1]