Main Vulnerability Database Vulnerabilities #VU125572

#VU125572 Improper input validation in Emlog Pro - CVE-2025-47787

Published: April 9, 2026

Vulnerability identifier: #VU125572

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2025-47787

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Emlog Pro

Software vendor:
Emlog

Description

The vulnerability allows a remote user to execute arbitrary code.

The vulnerability exists due to improper input validation in /admin/store.php when downloading and installing remotely supplied ZIP plugin files. A remote user can send a specially crafted request with a malicious plugin archive URL to execute arbitrary code.

The issue occurs in the plugin installation functionality and requires access to initiate the remote plugin download request.

Remediation

Install security update from vendor's website.

External links

https://github.com/emlog/emlog/security/advisories/GHSA-4mcj-8gvh-p753

#VU125572 Improper input validation in Emlog Pro - CVE-2025-47787

Description

Remediation

External links

Please verify you're human