Emlog: community verdicts
6 notable / known-exploited Emlog CVEs the community has triaged.
- CVE-2025-44139HIGH 7.2Real · low riskEPSS 1%
Emlog Pro V2.5.7 is vulnerable to Unrestricted Upload of File with Dangerous Type via /emlog/admin/plugin.php?action=upload_zip
- CVE-2025-25783CRIT 9.8Real · low riskEPSS 1%
An arbitrary file upload vulnerability in the component admin\plugin.php of Emlog Pro v2.5.3 allows attackers to execute arbitrary code via uploading a crafted Zip file.
- CVE-2025-25823HIGH 7.3Real · low riskEPSS 0%
A cross-site scripting (XSS) vulnerability in Emlog Pro v2.5.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the article header at /admin/article.php.
- CVE-2025-25825HIGH 7.1Real · low riskEPSS 0%
A cross-site scripting (XSS) vulnerability in Emlog Pro v2.5.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Titile in the article category section.
- CVE-2025-25818MED 5.1EPSS 0%
A cross-site scripting (XSS) vulnerability in Emlog Pro v2.5.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the postStrVar function at article_save.php.
- CVE-2025-25827MED 6.8EPSS 0%
A Server-Side Request Forgery (SSRF) in the component sort.php of Emlog Pro v2.5.4 allows attackers to scan local and internal ports via supplying a crafted URL.