CVE-2025-52136

Published: Aug 10, 2025Modified: Aug 12, 2025

3.0

Vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:N

Exploitability: 1.3 / Impact: 1.4

Source: MITRE (Secondary)

Description

In EMQX before 5.8.6, administrators can install arbitrary novel plugins via the Dashboard web interface. NOTE: the Supplier's position is that this is the intended behavior; however, 5.8.6 adds a defense-in-depth feature in which a plugin's acceptability (for later Dashboard installation) is set by the "emqx ctl plugins allow" CLI command.

Related CWEs

CWE-754

Improper Check for Unusual or Exceptional Conditions

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

References (4)

https://docs.emqx.com/en/emqx/latest/dashboard/introduction.html

Source: cve@mitre.org

https://docs.emqx.com/en/emqx/latest/deploy/install-docker.html

Source: cve@mitre.org

https://github.com/ricardojoserf/emqx-RCE

Source: cve@mitre.org

https://github.com/ricardojoserf/emqx-RCE

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Timeline

No history available yet.