CVE-2025-62717CRITICAL 9.1EPSS p24.8%

CVE-2025-62717CVE-2025-62717

Description

Emlog is an open source website building system. In version 2.5.23, Emlog Pro is vulnerable to a session verification code error due to a clearing logic error. This means the verification code could be reused anywhere an email verification code is required. This issue has been fixed in commit 1f726df.

Scoring

CVSS 3.19.1 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS0.33% probability of exploitation · percentile 24.8% · 2026-06-18T12:00:27Z
Published2025-10-24
Last modified2025-10-28

Underlying weaknesses· 1

CWE-287

References

  1. https://github.com/emlog/emlog/commit/1f726df0ce56a1bc6e8225dd95389974173bd0c0
  2. https://github.com/emlog/emlog/security/advisories/GHSA-wwj4-ppfj-hcm6

1

TypeTargetConfidenceTier
WeaknessImproper Authenticationcwe-2870%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-61930
CVE
CVE-2026-21430
CVE
CVE-2025-30372
CVE
CVE-2025-47787
CVE
CVE-2025-47785
CVE
CVE-2025-29401
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.