← Zuruck zu CVEs
CVE-2025-62618
HIGH8.0
Beschreibung
ELOG allows an authenticated user to upload arbitrary HTML files. The HTML content is executed in the context of other users when they open the file. Because ELOG includes usernames and password hashes in certain HTTP requests, an attacker can obtain the target's credentials and replay them or crack the password hash offline. In ELOG 3.1.5-20251014 release, HTML files are rendered as plain text.
CVE Details
CVSS v3.1 Bewertung8.0
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienLOW
BenutzerinteraktionREQUIRED
Veroffentlicht10/31/2025
Zuletzt geandert11/10/2025
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
elog_project:elog
Schwachen (CWE)
CWE-79CWE-434CWE-836
Referenzen
https://bitbucket.org/ritt/elog/commits/7092ff64f6eb9521f8cc8c52272a020bf3730946(9119a7d8-5eab-497f-8521-727c672e3725)
https://bitbucket.org/ritt/elog/commits/f81e5695c40997322fe2713bfdeba459d9de09dc(9119a7d8-5eab-497f-8521-727c672e3725)
https://elog.psi.ch/elog/download/RPMS/?C=M;O=D(9119a7d8-5eab-497f-8521-727c672e3725)
https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-304-01.json(9119a7d8-5eab-497f-8521-727c672e3725)
https://www.cve.org/CVERecord?id=CVE-2025-62618(9119a7d8-5eab-497f-8521-727c672e3725)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.