Vulnerability Description
ELOG allows an authenticated user to modify or overwrite the configuration file, resulting in denial of service. If the execute facility is specifically enabled with the "-x" command line flag, attackers could execute OS commands on the host machine. By default, ELOG is not configured to allow shell commands or self-registration.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Elog Project | Elog | <= 3.1.5-20251014 |
Related Weaknesses (CWE)
References
- https://bitbucket.org/ritt/elog/commits/7092ff64f6eb9521f8cc8c52272a020bf3730946Patch
- https://bitbucket.org/ritt/elog/commits/f81e5695c40997322fe2713bfdeba459d9de09dcPatch
- https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2025-64348Third Party Advisory
FAQ
What is CVE-2025-64348?
CVE-2025-64348 is a vulnerability with a CVSS score of 7.1 (HIGH). ELOG allows an authenticated user to modify or overwrite the configuration file, resulting in denial of service. If the execute facility is specifically enabled with the "-x" command line flag, attack...
How severe is CVE-2025-64348?
CVE-2025-64348 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-64348?
Check the references section above for vendor advisories and patch information. Affected products include: Elog Project Elog.