Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-62717

Emlog is an open source website building system. In version 2.5.23, Emlog Pro is vulnerable to a session verification code error due to a clearing logic error. This means the verification code could be reused anywhere an email verification code is required. This issue has been fixed in commit 1f726df.

Published

2025-10-24T21:16:12.963

Last Modified

2025-10-28T14:15:50.700

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 9.1 (CRITICAL)

Weaknesses

Type: Secondary
CWE-287
Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	emlog	emlog	2.5.23	Yes

References

https://github.com/emlog/emlog/commit/1f726df0ce56a1bc6e8225dd95389974173bd0c0 Patch ([email protected])
https://github.com/emlog/emlog/security/advisories/GHSA-wwj4-ppfj-hcm6 Vendor Advisory ([email protected])