CVE-2025-61599 in Proinfo

Summary

by MITRE • 10/03/2025

Emlog is an open source website building system. A stored Cross-Site Scripting (XSS) vulnerability exists in the "Twitter"feature of EMLOG Pro 2.5.21 and below. An authenticated user with privileges to post a "Twitter" message can inject arbitrary JavaScript code. The malicious script is stored on the server and gets executed in the browser of any user, including administrators, when they click on the malicious post to view it. This issue does not currently have a fix.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Analysis

by VulDB Data Team • 10/03/2025

The vulnerability CVE-2025-61599 represents a critical stored cross-site scripting flaw within EMLOG Pro version 2.5.21 and earlier releases. This security weakness specifically affects the Twitter feature of the content management system, which is commonly used for social media integration and user-generated content management. The vulnerability stems from inadequate input validation and output encoding mechanisms that fail to properly sanitize user-supplied data before it is stored in the database and subsequently rendered to end users. The affected system processes Twitter messages without sufficient sanitization, creating an environment where malicious actors can inject persistent JavaScript payloads that execute in the context of other users' browsers.

The technical exploitation of this vulnerability requires an authenticated user account with permission to create Twitter posts within the EMLOG Pro system. This authentication requirement significantly reduces the attack surface compared to reflected XSS vulnerabilities, but the impact remains severe given that administrators often have elevated privileges and frequently interact with user-generated content. When a malicious user crafts a Twitter message containing JavaScript code and submits it through the legitimate interface, the system stores this content without proper sanitization. The stored payload becomes persistent and executes whenever any user, including administrators, views the malicious Twitter post, creating a prime vector for privilege escalation and session hijacking attacks.

The operational impact of this vulnerability extends beyond simple script execution, as it creates potential for comprehensive compromise of the affected system and its users. Administrators who view malicious Twitter posts could have their sessions hijacked, leading to unauthorized access to sensitive administrative functions and data. The vulnerability enables attackers to execute malicious scripts that can steal cookies, capture user credentials, perform unauthorized actions on behalf of victims, or redirect users to malicious websites. This stored XSS vulnerability particularly threatens the integrity of user data and system security, as it allows attackers to maintain persistent access through the Twitter feature interface. The lack of a current fix means that organizations using EMLOG Pro 2.5.21 or earlier versions remain exposed to potential exploitation, with no immediate mitigation path available through official patches or updates.

Organizations affected by this vulnerability should implement immediate compensating controls to reduce risk exposure while planning for system upgrades. The primary mitigation strategy involves implementing strict input validation and output encoding mechanisms that sanitize all user-supplied data before storage and rendering. Security measures should include content security policy headers, proper HTML encoding of user-generated content, and regular security audits of input handling processes. From a threat modeling perspective, this vulnerability aligns with CWE-79 (Cross-site Scripting) and represents a classic example of how web applications can fail to properly validate and sanitize user input. The ATT&CK framework categorizes this as a technique for code injection and privilege escalation, as the vulnerability enables attackers to execute arbitrary code in the context of other users. Organizations should also consider implementing web application firewalls and monitoring for suspicious user activity patterns that might indicate exploitation attempts. The absence of a fix for this vulnerability emphasizes the critical importance of maintaining updated software versions and implementing robust security practices to prevent exploitation of known vulnerabilities.

Responsible

GitHub M

Reservation

09/26/2025

Disclosure

10/03/2025

Moderation

accepted

CPE

ready

EPSS

0.00189

KEV

no

Activities

very low

Sources

Do you want to use VulDB in your project?

Use the official API to access entries easily!