CVE-2025-30372
Published: 28 March 2025
Summary
CVE-2025-30372 is a critical-severity SQL Injection (CWE-89) vulnerability in Emlog Emlog. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 6.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SI-10 requires validating and sanitizing user inputs like double-encoded URL parameters in search_controller.php to prevent SQL injection bypasses of addslashes after urldecode.
SI-2 mandates timely flaw remediation by applying patches such as upgrading Emlog Pro to version pro-2.5.9 to fix the SQL injection vulnerability.
RA-5 enables vulnerability scanning to identify SQL injection flaws like CVE-2025-30372 in search_controller.php before exploitation.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The SQL injection vulnerability in the public-facing Emlog Pro web application directly enables remote unauthenticated exploitation, mapping to T1190: Exploit Public-Facing Application. The double-encoding bypass and critical CVSS impacts confirm this as the primary technique facilitated by the flaw.
NVD Description
Emlog is an open source website building system. Emlog Pro versions pro-2.5.7 and pro-2.5.8 contain an SQL injection vulnerability. `search_controller.php` does not use addslashes after urldecode, allowing the preceeding addslashes to be bypassed by URL double encoding. This could result…
more
in potential leakage of sensitive information from the user database. Version pro-2.5.9 fixes the issue.
Deeper analysisAI
CVE-2025-30372 is an SQL injection vulnerability affecting Emlog Pro, an open source website building system, specifically in versions pro-2.5.7 and pro-2.5.8. The issue resides in the `search_controller.php` file, which fails to apply addslashes after urldecode, enabling attackers to bypass prior addslashes protections through URL double encoding. This flaw, classified under CWE-89, carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity with high impacts on confidentiality, integrity, and availability.
Unauthenticated remote attackers can exploit this vulnerability over the network with low complexity and no user interaction required. By crafting malicious requests with double-encoded payloads, they can inject SQL code, potentially leading to leakage of sensitive information from the user database and broader compromise given the high CVSS impacts on integrity and availability.
The GitHub security advisory (GHSA-w6xc-r6x5-m77c) confirms that Emlog Pro version pro-2.5.9 addresses the vulnerability. Security practitioners should upgrade to this patched version immediately and review access logs for suspicious search queries involving double-encoded URLs.
Details
- CWE(s)