anonhaven
Ad

CVE-2025-62717

CRITICAL CVSS 3.1: 9.1 EPSS 0.07%
Updated Oct 28, 2025
Emlog
Parameter Value
CVSS 9.1 (CRITICAL)
Type CWE-287 (Improper Authentication)
Vendor Emlog
Public PoC No

Emlog is an open source website building system. In version 2.5.23, Emlog Pro is vulnerable to a session verification code error due to a clearing logic error. This means the verification code could be reused anywhere an email verification code is required.

This issue has been fixed in commit 1f726df.

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Privileges Required
None
No privileges needed
User Interaction
None
No user interaction needed

Impact Assessment

Confidentiality
High
Complete data leak
Integrity
High
Complete data modification
Availability
None
No disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-287 Improper Authentication

Vulnerable Products 1

Configuration From (including) Up to (excluding)
Emlog Emlog
cpe:2.3:a:emlog:emlog:2.5.23:*:*:*:pro:*:*:*

References 2

https://github.com/emlog/emlog/commit/1f726df0ce56a1bc6e8225dd95389974173bd0c0
security-advisories@github.com
https://github.com/emlog/emlog/security/advisories/GHSA-wwj4-ppfj-hcm6
security-advisories@github.com
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-31954

Emlog

7.3

CVE-2026-22799

Emlog

9.3

CVE-2025-25827

Emlog

6.8

CVE-2025-25825

Emlog

7.1

CVE-2025-25823

Emlog

7.3