CVE-2025-30372 – Emlog Pro versions 2.5.7 and 2.5.8 contain an S... (How to Fix)

Q: What is the severity of CVE-2025-30372?

CVE-2025-30372 has a CVSS score of 9.8 (CRITICAL). Emlog Pro versions 2.5.7 and 2.5.8 contain an SQL injection vulnerability in search_controller.php due to improper input sanitization. Attackers can bypass addslashes protection using URL double encoding to execute arbitrary SQL queries. This affects all websites running vulnerable Emlog Pro versions.

📋 TL;DR

Emlog Pro versions 2.5.7 and 2.5.8 contain an SQL injection vulnerability in search_controller.php due to improper input sanitization. Attackers can bypass addslashes protection using URL double encoding to execute arbitrary SQL queries. This affects all websites running vulnerable Emlog Pro versions.

💻 Affected Systems

Products:

Emlog Pro

Versions: pro-2.5.7 through pro-2.5.8

Operating Systems: All

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects Emlog Pro (paid version), not the free Emlog version. Requires search functionality to be accessible.

📦 What is this software?

Emlog by Emlog

View all CVEs affecting Emlog →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise including user credentials, personal data, and administrative access leading to full system takeover.

🟠

Likely Case

Extraction of sensitive user information like usernames, email addresses, and potentially hashed passwords from the database.

🟢

If Mitigated

Limited information disclosure if database permissions are properly restricted and WAF blocks SQL injection patterns.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Vulnerability is in public advisory with technical details. SQL injection via search parameter manipulation requires minimal technical skill.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: pro-2.5.9

Vendor Advisory: https://github.com/emlog/emlog/security/advisories/GHSA-w6xc-r6x5-m77c

Restart Required: No

Instructions:

1. Backup your Emlog Pro installation and database. 2. Download pro-2.5.9 from official Emlog sources. 3. Replace all files with the new version. 4. Verify the search functionality works correctly.

🔧 Temporary Workarounds

WAF Rule Implementation

all

Deploy web application firewall rules to block SQL injection patterns and URL double encoding attempts.

Search Function Restriction

all

Temporarily disable or restrict access to search functionality until patching is complete.

🧯 If You Can't Patch

Implement strict input validation and parameterized queries in search_controller.php
Deploy database-level protections including minimal privilege accounts and query logging

🔍 How to Verify

Check if Vulnerable:

Check Emlog Pro admin panel for version number. If version is pro-2.5.7 or pro-2.5.8, the system is vulnerable.

Check Version:

Check Emlog admin dashboard or examine /content/config.php for version information

Verify Fix Applied:

After updating, confirm version shows pro-2.5.9 in admin panel and test search functionality with various inputs.

📡 Detection & Monitoring

Log Indicators:

Unusual SQL error messages in application logs
Multiple failed search attempts with encoded parameters
Database queries with unusual syntax from web server IP

Network Indicators:

HTTP requests to search endpoints with URL-encoded %25 sequences
Abnormal parameter patterns in GET/POST requests to search functionality

SIEM Query:

source="web_logs" AND (uri_path="*search*" OR uri_query="*search*") AND (uri_query MATCHES "%25[0-9a-fA-F]{2}%25" OR status_code=500)

📊 Metadata

CVE ID: CVE-2025-30372

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-89

EPSS Score: 0.27% exploit probability (50.4th percentile)

Published: March 28, 2025

Last Updated: April 14, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-30372, you might also want to check these: