CVE-2025-64348
Last modified
CVE-2025-64348 is a high-severity vulnerability rated 7.1/10 on the CVSS scale. ELOG allows an authenticated user to modify or overwrite the configuration file, resulting in denial of service. If the execute facility is specifically enabled with the "-x" command line flag, attackers could execute OS commands on the host machine. EPSS estimates a 0.27% chance of exploitation in the next 30 days.
Description
ELOG allows an authenticated user to modify or overwrite the configuration file, resulting in denial of service. If the execute facility is specifically enabled with the "-x" command line flag, attackers could execute OS commands on the host machine. By default, ELOG is not configured to allow shell commands or self-registration.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Elog Project | Elog | <= 3.1.5-20251014 |
References
- https://www.cve.org/CVERecord?id=CVE-2025-64348Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2025-64348?
How severe is CVE-2025-64348?
How do I fix CVE-2025-64348?
Are you affected by CVE-2025-64348?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST