CVE-2025-52136

ℹ️ low

Summary

In EMQX before 5.8.6, administrators can install arbitrary novel plugins via the Dashboard web interface. NOTE: the Supplier's position is that this is the intended behavior; however, 5.8.6 adds a defense-in-depth feature in which a plugin's acceptability (for later Dashboard installation) is set by the "emqx ctl plugins allow" CLI command.

CVSS Score

3.0

Low

EPSS Score

0.0

Exploit Probability

Published Date

2025-08-10

First Seen: 2026-01-05

📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 1.9% of all 329,778 vulnerabilities in our database.

#323,663

Below average severity

Severity Percentile

🎯 CISA SSVC Assessment Updated: Aug 12, 2025

🔍 Exploitation Status

Poc

Proof-of-concept available

⚙️ Automatable

Requires human interaction

💥 Technical Impact

Partial

Limited system impact

SSVC data provided by CISA

Last Modified 2025-08-12

Source NVD 🔗

CVSS Vector 3.1 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:N

CWE IDs (Weakness Types)

CWE-754

📦 Affected Products 1

Vendor	Product	Status	Affected Versions
emqx	emqx	Affected	< 5.8.6

🔗 References 3

🔗 Related CVEs 3

CVE ID	Severity	CVSS	EPSS	Summary	Published
CVE-2026-8741	ℹ️ low	3.1	0.1	A vulnerability has been found in EMQX up to 6.2.0. This affects an unknown function of the file apps/emqx/src/emqx_pers...	2026-05-17
CVE-2023-37781	🔶 medium	6.5	0.5	An issue in the emqx_sn plugin of EMQX v4.3.8 allows attackers to execute a directory traversal via uploading a crafted ...	2023-07-17
CVE-2021-46434	🔶 medium	5.3	0.2	EMQ X Dashboard V3.0.0 is affected by username enumeration in the "/api /v3/auth" interface. When a user login, the appl...	2022-03-28

These CVEs affect the same products