CVE-2025-61930 · HIGH 8.8 · EPSS p9.5%

Description

Emlog is an open source website building system. Emlog Pro versions 2.5.19 and earlier are vulnerable to Cross‑Site Request Forgery (CSRF) on the password change endpoint. An attacker can trick a logged‑in administrator into submitting a crafted POST request to change the admin password without consent. Impact is account takeover of privileged users. Severity: High. As of time of publication, no known patched versions exist.

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.20% probability of exploitation · percentile 9.5% · 2026-06-18T12:00:27Z
Published: 2025-10-10
Last modified: 2025-10-20

Underlying weaknesses · 1

CWE-352

References

  1. https://github.com/emlog/emlog/security/advisories/GHSA-m2qw-9wjx-qxm2

Type: Weakness · Target: Cross-Site Request Forgery (CSRF), cwe-352 · Confidence: 0% · Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2026-21430
  2. CVE-2025-62717
  3. CVE-2025-30372
  4. CVE-2025-47785
  5. CVE-2025-9296
  6. CVE-2025-47787

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.