Arbitrary File Upload Vulnerability in Emlog Pro by Emlog
CVE-2025-25783

9.8CRITICAL

Key Information:

Vendor

Emlog

Status
Emlog Pro
Vendor
CVE Published:
26 February 2025

What is CVE-2025-25783?

Emlog Pro v2.5.3 contains an arbitrary file upload vulnerability in the admin/plugin.php component. This flaw allows an attacker to upload a specially crafted ZIP file, which may lead to the execution of arbitrary code on the server, compromising the integrity and security of the application.

References

https://www.emlog.net/
http://emlogpro.com
https://github.com/Ka7arotto/emlog/blob/main/emlog-3.md

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-25783 : Arbitrary File Upload Vulnerability in Emlog Pro by Emlog