What is the CVSS score of EUVD-2025-33214?

EUVD-2025-33214 has a CVSS 3.1 base score of 5.4 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. EPSS exploitation probability: 0.0%.

Which versions of Emlog are affected by EUVD-2025-33214?

Organizations using Emlog should be aware of moderate risk from CVE-2025-61599, a cross-site scripting vulnerability rated CVSS 5.4.

Is there a public PoC exploit available for EUVD-2025-33214?

Yes, a public proof-of-concept exploit is available for EUVD-2025-33214. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate EUVD-2025-33214?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Verify Content-Security-Policy and output encoding.

Emlog EUVD-2025-33214

| CVE-2025-61599 MEDIUM

Cross-site Scripting (XSS) (CWE-79)

2025-10-03 security-advisories@github.com

XSS Emlog

5.4

CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

5.4 MEDIUM

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Lifecycle Timeline

EUVD ID Assigned

Mar 13, 2026 - 19:29 euvd

EUVD-2025-33214

Analysis Generated

Mar 13, 2026 - 19:29 vuln.today

PoC Detected

Oct 08, 2025 - 15:26 vuln.today

Public exploit code

CVE Published

Oct 03, 2025 - 07:15 nvd

MEDIUM 5.4

DescriptionGitHub Advisory

Emlog is an open source website building system. A stored Cross-Site Scripting (XSS) vulnerability exists in the "Twitter"feature of EMLOG Pro 2.5.21 and below. An authenticated user with privileges to post a "Twitter" message can inject arbitrary JavaScript code. The malicious script is stored on the server and gets executed in the browser of any user, including administrators, when they click on the malicious post to view it. This issue does not currently have a fix.

Analysis

Technical ContextAI

Cross-site scripting (XSS) allows injection of client-side scripts into web pages viewed by other users due to insufficient output encoding.

RemediationAI

Encode all user-supplied output contextually (HTML, JS, URL). Implement Content Security Policy (CSP) headers. Use HTTPOnly and Secure cookie flags.

EUVD-2025-33214 vulnerability details – vuln.today

Back