PT-2025-41601 · Emlog Pro · Emlog Pro

Snowhy77 · Published 2025-10-10 · Updated 2025-10-20 · CVE-2025-61930

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Emlog Pro versions 2.5.19 and earlier

Description

Emlog Pro versions 2.5.19 and earlier are susceptible to a Cross-Site Request Forgery (CSRF) issue on the password change endpoint. This allows an attacker to trick a logged-in administrator into submitting a crafted POST request, leading to unauthorized password changes. Successful exploitation can result in account takeover of privileged users. CSRF is an attack where an authenticated user is tricked into performing unwanted actions on a web application.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

CSRF

Weakness Enumeration

Related Identifiers

CVE-2025-61930
GHSA-M2QW-9WJX-QXM2

Affected Products

Emlog Pro