CVE-2025-62717
CRITICAL WAF: Low
CVSS 9.1
Published: 2025-10-24
CWE-287
Emlog is an open source website building system. In version 2.5.23, Emlog Pro is vulnerable to a session verification code error due to a clearing logic error. This means the verification code could be reused anywhere an email verification code is required. This issue has been fixed in commit 1f726df.
WAF Coverage Analysis
Improper Authentication
Low WAF Coverage
OWASP: A07:2021 Identification and Authentication Failures
Affected Software
| Vendor | Product | Version |
|---|---|---|
| emlog | emlog | 2.5.23 |
References
- github.com (Patch)
- github.com (Vendor Advisory)