CVE Catalog

CVE-2025-25783

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.64%

46th percentile - higher than 46% of all known CVEs

Summary

An arbitrary file upload vulnerability was found in Emlog Pro version 2.5.3 within the admin\plugin.php component. It allows an attacker to execute arbitrary code by uploading a crafted ZIP file.

Risk Assessment

The risk involves remote code execution, potentially leading to full server compromise, data theft, or lateral movement within the network.

Recommendation

Immediately update Emlog Pro to the latest available version that fixes this vulnerability. Until then, restrict access to the admin panel and implement file upload validation.

Original NVD description (English source)

An arbitrary file upload vulnerability in the component admin\plugin.php of Emlog Pro v2.5.3 allows attackers to execute arbitrary code via uploading a crafted Zip file.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS