CVE-2025-47787
Last modified
CVE-2025-47787 is a high-severity vulnerability rated 8.9/10 on the CVSS scale. Emlog is an open source website building system. Emlog Pro prior to version 2.5.10 contains a file upload vulnerability. EPSS estimates a 0.62% chance of exploitation in the next 30 days.
Description
Emlog is an open source website building system. Emlog Pro prior to version 2.5.10 contains a file upload vulnerability. The store.php component contains a critical security flaw where it fails to properly validate the contents of remotely downloaded ZIP plugin files. This insufficient validation allows attackers to execute arbitrary code on the vulnerable system. Version 2.5.10 contains a patch for the issue.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Emlog | Emlog | < 2.5.10 |
References
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2025-47787?
How severe is CVE-2025-47787?
How do I fix CVE-2025-47787?
Are you affected by CVE-2025-47787?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST