Unrated severityNVD Advisory· Published Oct 10, 2025· Updated Oct 10, 2025
Emlog Pro has CSRF issue that Enables Admin Password Reset
CVE-2025-61930
Description
Emlog is an open source website building system. Emlog Pro versions 2.5.19 and earlier are vulnerable to Cross‑Site Request Forgery (CSRF) on the password change endpoint. An attacker can trick a logged‑in administrator into submitting a crafted POST request to change the admin password without consent. Impact is account takeover of privileged users. Severity: High. As of time of publication, no known patched versions exist.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
1- github.com/emlog/emlog/security/advisories/GHSA-m2qw-9wjx-qxm2mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.