CVE-2025-61930 — HIGH (8.1)

Q: How severe is CVE-2025-61930?

CVE-2025-61930 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-61930?

Check the references section above for vendor advisories and patch information. Affected products include: Emlog Emlog.

Vulnerability Description

Emlog is an open source website building system. Emlog Pro versions 2.5.19 and earlier are vulnerable to Cross‑Site Request Forgery (CSRF) on the password change endpoint. An attacker can trick a logged‑in administrator into submitting a crafted POST request to change the admin password without consent. Impact is account takeover of privileged users. Severity: High. As of time of publication, no known patched versions exist.

CVSS Score

8.1

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Emlog	Emlog	<= 2.5.19

Related Weaknesses (CWE)

CWE-352

References

https://github.com/emlog/emlog/security/advisories/GHSA-m2qw-9wjx-qxm2ExploitMitigationVendor Advisory

FAQ

What is CVE-2025-61930?

CVE-2025-61930 is a vulnerability with a CVSS score of 8.1 (HIGH). Emlog is an open source website building system. Emlog Pro versions 2.5.19 and earlier are vulnerable to Cross‑Site Request Forgery (CSRF) on the password change endpoint. An attacker can trick a logg...

How severe is CVE-2025-61930?

CVE-2025-61930 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-61930?

Check the references section above for vendor advisories and patch information. Affected products include: Emlog Emlog.