CVE-2025-61318CRITICAL 9.1EPSS p44.6%

CVE-2025-61318CVE-2025-61318

Description

Emlog Pro 2.5.20 has an arbitrary file deletion vulnerability. This vulnerability stems from the admin/template.php component and the admin/plugin.php component. They fail to perform path verification and dangerous code filtering for deletion parameters, allowing attackers to exploit this feature for directory traversal.

Scoring

CVSS 3.19.1 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
EPSS0.61% probability of exploitation · percentile 44.6% · 2026-06-19T12:03:05Z
Published2025-12-08
Last modified2025-12-09

Underlying weaknesses· 1

CWE-24

References

  1. https://github.com/AndyNull/em/blob/main/emlog%20pro%20-%20del%20vuln.md

1

TypeTargetConfidenceTier
WeaknessPath Traversal: '../filedir'cwe-240%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-39276
CVE
CVE-2025-29401
CVE
CVE-2025-25783
CVE
CVE-2025-47787
CVE
CVE-2025-10916
CVE
CVE-2025-9296
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.