f1r3K0

1 exploit Active since Aug 2025
CVE-2025-52136 GITHUB LOW go WORKING POC
EMQX < 5.8.6 - Authenticated Arbitrary Plugin Installation via Dashboard
In EMQX before 5.8.6, administrators can install arbitrary novel plugins via the Dashboard web interface. NOTE: the Supplier's position is that this is the intended behavior; however, 5.8.6 adds a defense-in-depth feature in which a plugin's acceptability (for later Dashboard installation) is set by the "emqx ctl plugins allow" CLI command.
4 stars
CVSS 3.0