CVE-2025-61930
BaseFortify

Publication date: 2025-10-10

Last updated on: 2025-10-20

Assigner: GitHub, Inc.

Description
Emlog is an open source website building system. Emlog Pro versions 2.5.19 and earlier are vulnerable to Cross‑Site Request Forgery (CSRF) on the password change endpoint. An attacker can trick a logged‑in administrator into submitting a crafted POST request to change the admin password without consent. Impact is account takeover of privileged users. Severity: High. As of time of publication, no known patched versions exist.
Meta Information
Generated: 2026-06-16
AI Q&A: 2025-10-10
EPSS Evaluated: 2026-06-14
Affected Vendors & Products (1 associated CPE)
Vendor: emlog
Product: emlog
Version / Range: up to and including 2.5.19
CWE ID: CWE-352
Description: The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Executive Summary

This vulnerability is a Cross-Site Request Forgery (CSRF) in Emlog Pro versions 2.5.19 and earlier. It allows an attacker to trick a logged-in administrator into submitting a crafted POST request to the password change endpoint without their consent, resulting in the admin password being changed.

Impact Analysis

The impact of this vulnerability is account takeover of privileged users, specifically administrators. This can lead to unauthorized access and control over the website built with Emlog Pro.

Mitigation Strategies

Since no patched versions exist, immediate mitigation steps include restricting access to the Emlog Pro admin interface to trusted networks, implementing additional CSRF protections such as custom tokens or headers if possible, and educating administrators to avoid clicking on suspicious links while logged in. Monitoring for unusual password change requests and enforcing strong authentication methods can also help reduce risk.
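The token and header checks named above, as an added example that is not Emlog's code and not part of the advisory: a minimal model of a password-change handler in the vulnerable shape (any authenticated POST is honoured) beside a hardened one that a forged cross-site form cannot satisfy. The Session and Request classes, the endpoint shape and the SITE_ORIGIN value are assumptions made for this illustration.

```python
import hmac
import secrets
from dataclasses import dataclass, field

SITE_ORIGIN = "https://blog.example"  # assumed deployment origin (placeholder, not from the advisory)


@dataclass
class Session:
    """Server-side session for a logged-in user; the CSRF token is random and per-session."""
    user: str
    password: str
    csrf_token: str = field(default_factory=lambda: secrets.token_hex(32))


@dataclass
class Request:
    method: str
    form: dict
    headers: dict
    session: Session


def change_password_vulnerable(req: Request) -> int:
    """CWE-352 pattern: any POST that carries the admin's session cookie is honoured."""
    if req.method != "POST":
        return 405
    req.session.password = req.form["new_password"]
    return 200


def origin_ok(headers: dict) -> bool:
    """Origin must equal the site exactly; otherwise require a Referer under the site."""
    origin = headers.get("Origin")
    if origin is not None:
        return origin == SITE_ORIGIN
    return headers.get("Referer", "").startswith(SITE_ORIGIN + "/")


def change_password_hardened(req: Request) -> int:
    """Same endpoint with three independent checks that a forged cross-site form fails."""
    if req.method != "POST":
        return 405
    if not origin_ok(req.headers):
        return 403
    # Synchronizer token: must match the session's token, compared in constant time.
    if not hmac.compare_digest(req.form.get("csrf_token", ""), req.session.csrf_token):
        return 403
    # Re-authentication: the attacker's page cannot supply the victim's current password.
    if not hmac.compare_digest(req.form.get("current_password", "").encode(), req.session.password.encode()):
        return 403
    req.session.password = req.form["new_password"]
    return 200
```

The constructed forged request below carries the victim's session but a foreign Origin and no token; the vulnerable handler changes the password, the hardened one refuses and leaves it unchanged.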
