CVE-2025-52136 Information

Aug 11, 2025 cve

Description

In EMQX before 5.8.6 administrators can install arbitrary novel plugins via the Dashboard web interface. NOTE: the Supplier’s position is that this is the intended behavior; however 5.8.6 adds a defense-in-depth feature in which a plugin’s acceptability (for later Dashboard installation) is set by the mqx ctl plugins allow\ CLI command.

Reference

https://docs.emqx.com/en/emqx/latest/dashboard/introduction.html https://docs.emqx.com/en/emqx/latest/deploy/install-docker.html https://github.com/ricardojoserf/emqx-RCE

CNNVD-202508-853 (Published: 2025-08-10)

Share on:

CVE-2025-52136 Information

Description

Reference

Related CNNVD