CVE-2025-61318

CriticalPublic PoC

Published: 08 December 2025

Published

08 December 2025

Modified

09 December 2025

KEV Added

—

Patch

—

CVSS Score 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

EPSS Score 0.0106 77.7th percentile

Risk Priority 19 60% EPSS · 20% KEV · 20% CVSS

Description

Emlog Pro 2.5.20 has an arbitrary file deletion vulnerability. This vulnerability stems from the admin/template.php component and the admin/plugin.php component. They fail to perform path verification and dangerous code filtering for deletion parameters, allowing attackers to exploit this feature for…

directory traversal.

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Mandates validation of untrusted inputs like deletion parameters to prevent directory traversal and arbitrary file deletion in admin/template.php and admin/plugin.php.

SI-2 Flaw Remediation good match

prevent

Requires timely remediation of flaws such as the missing path verification, directly addressing the vulnerability through patching.

AC-3 Access Enforcement partial match

prevent

Enforces approved authorizations for file operations, mitigating unauthorized deletions via traversal beyond intended admin directories.

Security SummaryAI

CVE-2025-61318 is an arbitrary file deletion vulnerability affecting Emlog Pro version 2.5.20. The issue arises in the admin/template.php and admin/plugin.php components, which fail to perform proper path verification and dangerous code filtering on deletion parameters. This flaw enables directory traversal attacks. It has a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H) and is associated with CWE-24 (Path Traversal) and NVD-CWE-Other.

Unauthenticated attackers can exploit this vulnerability remotely over the network with low complexity and no user interaction required. By manipulating deletion parameters, they can traverse directories and delete arbitrary files on the server, resulting in high integrity and availability impacts but no confidentiality loss.

The primary advisory reference is available at https://github.com/AndyNull/em/blob/main/emlog%20pro%20-%20del%20vuln.md, which provides further technical details on the vulnerability. No specific patch or mitigation guidance is detailed in the provided CVE information.

Details

CWE(s): NVD-CWE-Other CWE-24

Affected Products

emlog

2.5.20

MITRE ATT&CK Enterprise TechniquesAI

T1070.004 File Deletion Stealth

Adversaries may delete files left behind by the actions of their intrusion activity.

attack.mitre.org →

Why these techniques?

Arbitrary file deletion via directory traversal in admin components enables indicator removal through file deletion (T1070.004) and file deletion for disruptive impact (T1107).

References

https://github.com/AndyNull/em/blob/main/emlog%20pro%20-%20del%20vuln.md
Exploit, Third Party Advisory · cve@mitre.org