Home

Description

ELOG allows an authenticated user to upload arbitrary HTML files. The HTML content is executed in the context of other users when they open the file. Because ELOG includes usernames and password hashes in certain HTTP requests, an attacker can obtain the target's credentials and replay them or crack the password hash offline. In ELOG 3.1.5-20251014 release, HTML files are rendered as plain text.

PUBLISHED Reserved 2025-10-16 | Published 2025-10-31 | Updated 2025-11-04 | Assigner cisa-cg




HIGH: 8.6CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
HIGH: 8.0CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Problem types

CWE-434 Unrestricted Upload of File with Dangerous Type

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-836 Use of Password Hash Instead of Password for Authentication

Product status

Default status
unknown

Any version before 3.1.5-20251014
affected

3.1.5-20251014
unaffected

Credits

Karl Meister, CISA

References

bitbucket.org/...ts/f81e5695c40997322fe2713bfdeba459d9de09dc (url)

elog.psi.ch/elog/download/RPMS/?C=M;O=D (url)

bitbucket.org/...ts/7092ff64f6eb9521f8cc8c52272a020bf3730946 (url)

raw.githubusercontent.com/...IT/white/2025/va-25-304-01.json (url)

www.cve.org/CVERecord?id=CVE-2025-62618 (url)

cve.org (CVE-2025-62618)

nvd.nist.gov (CVE-2025-62618)

Download JSON