CVE-2025-64348
ELOG configuration file authorization bypass
ELOG allows an authenticated user to modify or overwrite the configuration file, resulting in denial of service. If the execute facility is specifically enabled with the "-x" command line flag, attackers could execute OS commands on the host machine. By default, ELOG is not configured to allow shell commands or self-registration.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/MPR:N/MSC:H/MSI:H/MSA:H
Productos afectados
ELOG · ELOG¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
https://bitbucket.org/ritt/elog/commits/7092ff64f6eb9521f8cc8c52272a020bf3730946https://bitbucket.org/ritt/elog/commits/f81e5695c40997322fe2713bfdeba459d9de09dchttps://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-304-01.jsonhttps://www.cve.org/CVERecord?id=CVE-2025-64348