Home > Vulnerability Database > CVE-2025-61930

Mend.io Vulnerability Database

CVE-2025-61930

Date: October 10, 2025

Emlog is an open source website building system. Emlog Pro versions 2.5.19 and earlier are vulnerable to Cross‑Site Request Forgery (CSRF) on the password change endpoint. An attacker can trick a logged‑in administrator into submitting a crafted POST request to change the admin password without consent. Impact is account takeover of privileged users. Severity: High. As of time of publication, no known patched versions exist.

Severity Score

8.1

Related Resources (3)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-61930

Url: https://github.com/emlog/emlog/security/advisories/GHSA-m2qw-9wjx-qxm2

Url: https://www.mend.io/vulnerability-database/CVE-2025-61930

Severity Score

8.1

Weakness Type (CWE)

Cross-Site Request Forgery (CSRF)

CWE-352

CVSS v3.1

Base Score:	8.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-61930

Date: October 10, 2025

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?