CVE-2025-25823
Published: 26 February 2025
Summary
CVE-2025-25823 is a high-severity Cross-site Scripting (CWE-79) vulnerability in Emlog. Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Browser Session Hijacking (T1185). The vulnerability ranks at the 32.3rd percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Directly mitigates the XSS vulnerability by validating and sanitizing crafted payloads injected into the article header at /admin/article.php to prevent arbitrary script execution.
Prevents execution of injected malicious scripts by filtering and encoding article header outputs before rendering in victims' browsers.
Addresses the specific flaw in Emlog Pro v2.5.4 through timely identification, reporting, and patching to remediate the XSS vulnerability.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Stored/reflected XSS directly enables arbitrary script execution in the victim's browser, facilitating session hijacking as described.
NVD Description
A cross-site scripting (XSS) vulnerability in Emlog Pro v2.5.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the article header at /admin/article.php.
Deeper analysis
CVE-2025-25823, published on 2025-02-26, is a cross-site scripting (XSS) vulnerability classified under CWE-79 that affects Emlog Pro version 2.5.4. The issue occurs in the article header functionality at the /admin/article.php endpoint, where attackers can inject a crafted payload to execute arbitrary web scripts or HTML. It carries a CVSS v3.1 base score of 7.3 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L), reflecting high impacts on confidentiality and integrity with low availability impact.
Attackers can exploit this vulnerability by injecting malicious payloads into the article header through the affected admin interface. Per the CVSS vector, exploitation involves a local attack vector, low attack complexity, no privileges, and user interaction, and it results in arbitrary scripts executing in the context of the victim's browser. This can lead to outcomes such as session hijacking, data theft, or unauthorized actions on the site.
Advisories and further details on mitigation are available in the provided references: http://emlogpro.com, https://github.com/Ka7arotto/emlog/blob/main/xss-3.md, and https://www.emlog.net/. Security practitioners should review these sources for recommended patches or workarounds.
Details
- CWE(s)