Cross-Site Scripting Vulnerability in Emlog Website Building System
CVE-2025-61769

2.1LOW

Key Information:

Vendor: Emlog
Status: Emlog
Vendor: CVE Published:; 6 October 2025

What is CVE-2025-61769?

The Emlog website building system has a Cross-Site Scripting (XSS) vulnerability that affects versions up to and including 2.5.22. This security issue arises from the file upload functionality, where authenticated users can upload .svg files containing JavaScript code. If successfully uploaded, the malicious script may be executed in the context of other users, potentially leading to unauthorized actions and data exposure. The issue has been addressed in a recent commit that ensures improved validation and sanitization of uploaded files.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

emlog <= 2.5.22

References

https://github.com/emlog/emlog/security/advisories/GHSA-r...

x_refsource_CONFIRM

https://github.com/emlog/emlog/commit/052f9c4226b2c0014bc...

x_refsource_MISC

CVSS V4

Score:

2.1

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Timeline

Vulnerability published
Oct 6, 2025
Vulnerability Reserved
Sep 30, 2025

JSON

Emlog

What is CVE-2025-61769?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V4

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.