CVE-2025-64348

Source
https://cve.org/CVERecord?id=CVE-2025-64348
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-64348.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-64348
Published
2025-10-31T18:31:21.412Z
Modified
2026-07-08T08:12:44.385375143Z
Severity
  • 9.3 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/MPR:N/MSC:H/MSI:H/MSA:H CVSS Calculator
Summary
ELOG configuration file authorization bypass
Details

ELOG allows an authenticated user to modify or overwrite the configuration file, resulting in denial of service. If the execute facility is specifically enabled with the "-x" command line flag, attackers could execute OS commands on the host machine. By default, ELOG is not configured to allow shell commands or self-registration.

Database specific
{
    "cna_assigner": "cisa-cg",
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "introduced": "*"
                },
                {
                    "last_affected": "*"
                }
            ]
        }
    ],
    "cwe_ids": [
        "CWE-862"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/64xxx/CVE-2025-64348.json"
}
References

Affected packages

Git / bitbucket.org/ritt/elog

Affected ranges

Type
GIT
Repo
https://bitbucket.org/ritt/elog
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
7092ff64f6eb9521f8cc8c52272a020bf3730946
Fixed
f81e5695c40997322fe2713bfdeba459d9de09dc
Database specific
{
    "source": "REFERENCES"
}

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-64348.json"