CVE-2025-9296

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-9296

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-9296.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-9296

Published

2025-08-21T12:15:29.623Z

Modified

2026-04-10T05:36:36.351769Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A security vulnerability has been detected in Emlog Pro up to 2.5.18. This affects an unknown function of the file /admin/blogger.php?action=update_avatar. Such manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

References

Affected packages

Git / github.com/emlog/emlog

Affected ranges

Type

GIT

Repo

https://github.com/emlog/emlog

Events

Introduced

Last affected

1a1c85ca8a49239641cc974ae874461aea6dd92e

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.5.18"
        }
    ]
}

Affected versions

5.*

5.3.1

6.*

6.0.0

6.1.0

Other

pro-test-01

pro-test-02

emlog_5.*

emlog_5.1.2

emlog_5.2.0

emlog_5.2.1

emlog_5.3.0

pro-1.*

pro-1.0.1

pro-1.0.2

pro-1.0.3

pro-1.0.4

pro-1.0.5

pro-1.0.6

pro-1.0.7

pro-1.0.8

pro-1.1.0

pro-1.1.1

pro-1.2.0

pro-1.2.1

pro-1.2.2

pro-1.3.0

pro-1.3.1

pro-1.4.0

pro-1.5.0

pro-1.5.0.new

pro-1.5.1

pro-1.6.0

pro-1.7.0

pro-1.7.1

pro-1.8.0

pro-1.9.0

pro-1.9.1

pro-1.9.2

pro-1.9.3

pro-2.*

pro-2.0.0

pro-2.0.1

pro-2.0.2

pro-2.0.3

pro-2.1.0

pro-2.1.1

pro-2.1.10

pro-2.1.11

pro-2.1.12

pro-2.1.13

pro-2.1.14

pro-2.1.15

pro-2.1.2

pro-2.1.3

pro-2.1.4

pro-2.1.5

pro-2.1.6

pro-2.1.7

pro-2.1.8

pro-2.1.9

pro-2.2.0

pro-2.2.1

pro-2.2.10

pro-2.2.11

pro-2.2.2

pro-2.2.3

pro-2.2.4

pro-2.2.5

pro-2.2.6

pro-2.2.7

pro-2.2.8

pro-2.2.9

pro-2.3.0

pro-2.3.1

pro-2.3.10

pro-2.3.11

pro-2.3.12

pro-2.3.13

pro-2.3.14

pro-2.3.15

pro-2.3.16

pro-2.3.17

pro-2.3.18

pro-2.3.2

pro-2.3.4

pro-2.3.5

pro-2.3.6

pro-2.3.7

pro-2.3.8

pro-2.3.9

pro-2.4.0

pro-2.4.1

pro-2.4.2

pro-2.4.3

pro-2.5.1

pro-2.5.10

pro-2.5.11

pro-2.5.12

pro-2.5.13

pro-2.5.14

pro-2.5.15

pro-2.5.16

pro-2.5.17

pro-2.5.18

pro-2.5.2

pro-2.5.3

pro-2.5.4

pro-2.5.5

pro-2.5.6

pro-2.5.7

pro-2.5.8

pro-2.5.9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-9296.json"