Profile Modification Vulnerability in ELOG by RITT
CVE-2025-64349

8.7 HIGH

Key Information:

Vendor: Elog

Status
Vendor
CVE Published: 31 October 2025

What is CVE-2025-64349?

The ELOG application allows authenticated users to modify other users' profiles, presenting a significant security risk. An attacker can change a target user's email address and then request a password reset, potentially gaining control of the target account. This issue is exacerbated by the default configuration of ELOG, which does not permit self-registration, thus limiting oversight on account creations and modifications. Organizations using ELOG should evaluate their security measures and apply patches as they become available to mitigate this risk.

Affected Version(s)

ELOG *

References

CVSS V4

Score: 8.7
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Karl Meister, CISA