CVE-2025-25825
Published: 26 February 2025
Summary
CVE-2025-25825 is a high-severity Cross-site Scripting (CWE-79) vulnerability in Emlog Emlog. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique JavaScript (T1059.007); ranked at the 32.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SI-10 requires validating and sanitizing inputs to the article category title field to block crafted XSS payloads.
SI-15 mandates output filtering and encoding of title field content when rendered in web pages to prevent script execution.
SI-2 ensures timely patching or remediation of the specific XSS flaw in Emlog Pro v2.5.4.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Stored XSS enables arbitrary JavaScript execution in victim browsers (T1059.007), directly facilitating browser session hijacking (T1185) and theft of web session cookies (T1539) via injected payloads in the Title field.
NVD Description
A cross-site scripting (XSS) vulnerability in Emlog Pro v2.5.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Titile in the article category section.
Deeper analysisAI
CVE-2025-25825 is a cross-site scripting (XSS) vulnerability, classified under CWE-79, affecting Emlog Pro version 2.5.4. The flaw allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Title field within the article category section. Published on 2025-02-26, it has a CVSS v3.1 base score of 7.1, reflecting high confidentiality and integrity impacts with no availability impact.
The vulnerability can be exploited by attackers requiring local access (AV:L), low attack complexity (AC:L), no privileges (PR:N), and user interaction (UI:R), with unchanged scope (S:U). Exploitation involves crafting and injecting a malicious payload into the specified Title field, enabling execution of scripts in the context of affected users' browsers, potentially leading to theft of sensitive data or manipulation of page content.
Advisories and further details are available in the provided references, including the official Emlog Pro site at http://emlogpro.com, a GitHub analysis at https://github.com/Ka7arotto/emlog/blob/main/xss-4.md, and the Emlog network at https://www.emlog.net/. These resources likely outline mitigation steps such as applying patches or input sanitization, though specific patch details are not detailed in the CVE description.
Details
- CWE(s)