CVE-2025-52136

LOW

EMQX < 5.8.6 - Authenticated Arbitrary Plugin Installation via Dashboard

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-52136. PoCs published by f1r3K0.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2025-52136, leveraging MQTT-based command execution and tunneling to achieve RCE on EMQX servers. The PoC includes a Go-based agent for command execution and a tunneling mechanism for internal network access.

Description

In EMQX before 5.8.6, administrators can install arbitrary novel plugins via the Dashboard web interface. NOTE: the Supplier's position is that this is the intended behavior; however, 5.8.6 adds a defense-in-depth feature in which a plugin's acceptability (for later Dashboard installation) is set by the "emqx ctl plugins allow" CLI command.

Exploits (1)

github WORKING POC 4 stars
by f1r3K0 · gopoc
https://github.com/f1r3K0/CVE-2025-52136

This repository contains a functional exploit for CVE-2025-52136, leveraging MQTT-based command execution and tunneling to achieve RCE on EMQX servers. The PoC includes a Go-based agent for command execution and a tunneling mechanism for internal network access.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: EMQX (version not specified)
Auth required
Prerequisites: Access to EMQX plugin upload functionality · MQTT broker connectivity
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (3)

Core 3

Scores

CVSS v3 3.0
EPSS 0.0026
EPSS Percentile 16.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-754
Status published
Products (1)
EMQX/EMQX < 5.8.6
Published Aug 10, 2025
Tracked Since Feb 18, 2026