PT-2025-44666 · Elog · Elog

Published: 2025-10-31 · Updated: 2025-11-10 · CVE-2025-64349

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: ELOG (affected versions not specified)

Description: The ELOG platform, an electronic logbook system, has an issue where an authenticated attacker with low privileges can modify another user's profile. Specifically, an attacker can alter a target user’s email address and then initiate a password reset to gain control of the account. The system, by default, does not allow self-registration. The affected API endpoint is not specified. The vulnerable parameter is the email address within a user's profile. The modifyUserProfile() function is implicated in this issue.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
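
The missing authorization check described above, as an added illustration that is not ELOG's code: a constructed in-memory user table with a profile update routine that never consults the caller's identity, beside one that requires the session user to own the profile or be an administrator. All names, fields and return codes are hypothetical, and the administrator exception is an assumption.

```c
#include <stdio.h>
#include <string.h>

/* Constructed in-memory user table; names and fields are hypothetical. */
typedef struct { const char *name; int is_admin; char email[64]; } user_t;

static user_t users[] = {
    { "alice", 0, "alice@example.org" },
    { "bob",   0, "bob@example.org"   },
    { "root",  1, "root@example.org"  },
};
#define NUSERS (sizeof users / sizeof users[0])

static user_t *find_user(const char *name) {
    for (size_t i = 0; i < NUSERS; i++)
        if (strcmp(users[i].name, name) == 0) return &users[i];
    return NULL;
}

/* Missing authorization: acts on whatever target name the request supplies. */
int modify_profile_unchecked(const char *session_user, const char *target,
                             const char *email) {
    user_t *t = find_user(target);
    (void)session_user;                 /* caller identity is never consulted */
    if (!t || strlen(email) >= sizeof t->email) return -1;
    strcpy(t->email, email);
    return 0;
}

/* Hardened: the authenticated session must own the profile or be an admin. */
int modify_profile_checked(const char *session_user, const char *target,
                           const char *email) {
    user_t *s = find_user(session_user), *t = find_user(target);
    if (!s || !t) return -1;                 /* unknown session or target */
    if (s != t && !s->is_admin) return -2;   /* authenticated, not authorized */
    if (strlen(email) >= sizeof t->email) return -1;
    strcpy(t->email, email);
    return 0;
}

int main(void) {
    printf("checked, alice -> bob:   %d\n",
           modify_profile_checked("alice", "bob", "y@example.net"));
    printf("unchecked, alice -> bob: %d\n",
           modify_profile_unchecked("alice", "bob", "x@example.net"));
    printf("bob's email is now:      %s\n", find_user("bob")->email);
    return 0;
}
```

Because the email address is the password reset channel, the ownership check has to run on the server for every profile field that feeds account recovery, not only in the form that renders the profile.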

Weakness Enumeration: Missing Authorization

Related Identifiers: CVE-2025-64349

Affected Products: Elog