CVE Daily

CVE-2025-47784

Emlog is an open source website building system. Versions 2.5.13 and prior have ...

Critical CVSS 9.8

Overview

Emlog is an open source website building system. Versions 2.5.13 and prior have a deserialization vulnerability. A user who creates a carefully crafted nickname can cause `str_replace` to replace the value of `name_orig` with empty, causing deserialization to fail and return `false`. Commit 9643250802188b791419e3c2188577073256a8a2 fixes the issue.

CWE: CWE-502 Published: 2025-05-15T20:16:08.820
Risk analysis

This vulnerability is rated 🔴 CRITICAL.

  • CVSS: 9.8 (CRITICAL)
  • Detected tags: deserialization (tag impact: MODERATE)

Recommended actions:

  • Avoid untrusted deserialization; prefer safe formats (JSON) and signatures.

Recommended tools

Tags