VYPR
Unrated severityNVD Advisory· Published May 15, 2025· Updated May 16, 2025

Emlog vulnerable to Deserialization of Untrusted Data

CVE-2025-47784

Description

Emlog is an open source website building system. Versions 2.5.13 and prior have a deserialization vulnerability. A user who creates a carefully crafted nickname can cause str_replace to replace the value of name_orig with empty, causing deserialization to fail and return false. Commit 9643250802188b791419e3c2188577073256a8a2 fixes the issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Emlog/Emlogllm-fuzzy2 versions
    <=2.5.13+ 1 more
    • (no CPE)range: <=2.5.13
    • (no CPE)range: <= 2.5.13

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.