CVE-2025-25825

CVE-2025-25825 is a cross-site scripting (XSS) vulnerability, classified under CWE-79, affecting Emlog Pro version 2.5.4. The flaw allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Title field within the article category section. Published on 2025-02-26, it has a CVSS v3.1 base score of 7.1, reflecting high confidentiality and integrity impacts with no availability impact.

The vulnerability can be exploited by attackers requiring local access (AV:L), low attack complexity (AC:L), no privileges (PR:N), and user interaction (UI:R), with unchanged scope (S:U). Exploitation involves crafting and injecting a malicious payload into the specified Title field, enabling execution of scripts in the context of affected users' browsers, potentially leading to theft of sensitive data or manipulation of page content.

Advisories and further details are available in the provided references, including the official Emlog Pro site at http://emlogpro.com, a GitHub analysis at https://github.com/Ka7arotto/emlog/blob/main/xss-4.md, and the Emlog network at https://www.emlog.net/. These resources likely outline mitigation steps such as applying patches or input sanitization, though specific patch details are not detailed in the CVE description.