CVE-2025-61930 – Emlog Pro has CSRF issue that Enables Admin Password Reset

CVE ID : CVE-2025-61930

Published : Oct. 10, 2025, 8:15 p.m. | 23 minutes ago

Description : Emlog is an open source website building system. Emlog Pro versions 2.5.19 and earlier are vulnerable to Cross‑Site Request Forgery (CSRF) on the password change endpoint. An attacker can trick a logged‑in administrator into submitting a crafted POST request to change the admin password without consent. Impact is account takeover of privileged users. Severity: High. As of time of publication, no known patched versions exist.

Severity: 8.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…