CVE-2025-25783
Published: 26 February 2025
Description
An arbitrary file upload vulnerability in the component admin\plugin.php of Emlog Pro v2.5.3 allows attackers to execute arbitrary code via uploading a crafted Zip file.
Security Summary
CVE-2025-25783 is an arbitrary file upload vulnerability in the admin\plugin.php component of Emlog Pro v2.5.3. Published on 2025-02-26, it allows attackers to execute arbitrary code by uploading a crafted ZIP file. The issue is classified under CWE-434 (Unrestricted Upload of File with Dangerous Type) and carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical.
Remote, unauthenticated attackers can exploit this vulnerability over the network with low attack complexity and no user interaction. Successful exploitation enables arbitrary code execution on the server, with high impact on the confidentiality, integrity, and availability of the affected system.
Advisories and further details are referenced at http://emlogpro.com, https://www.emlog.net/, and https://github.com/Ka7arotto/emlog/blob/main/emlog-3.md. Security practitioners should review these vendor and community sources for patch information or mitigation guidance specific to Emlog Pro installations.
Details
- CWE(s)