CVE-2025-25783
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk46th percentile - higher than 46% of all known CVEs
Summary
An arbitrary file upload vulnerability was found in Emlog Pro version 2.5.3 within the admin\plugin.php component. It allows an attacker to execute arbitrary code by uploading a crafted ZIP file.
Risk Assessment
The risk involves remote code execution, potentially leading to full server compromise, data theft, or lateral movement within the network.
Recommendation
Immediately update Emlog Pro to the latest available version that fixes this vulnerability. Until then, restrict access to the admin panel and implement file upload validation.
Original NVD description (English source)
An arbitrary file upload vulnerability in the component admin\plugin.php of Emlog Pro v2.5.3 allows attackers to execute arbitrary code via uploading a crafted Zip file.

