What is CVE-2025-50286?

CVE-2025-50286 is a vulnerability in N/a. Published 2025-08-06.

Is CVE-2025-50286 known to be exploited?

6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2025-50286

A Remote Code Execution (RCE) vulnerability in Grav CMS v1.7.48 allows an authenticated admin to upload a malicious plugin via the /admin/tools/direct-install interface. Once uploaded, the plugin is automatically extracted and loaded, allo…

EPSS: 0.731 (98.8th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

binneko/CVE-2025-50286
x1o3/CVE-2025-50286
rapid7/metasploit-framework
fkie-cad/nvd-json-data-feeds
nomi-sec/PoC-in-GitHub
yembors64632/cve_

References

github.com/binneko/CVE-2025-50286

Frequently asked questions

What is CVE-2025-50286?: CVE-2025-50286 is a vulnerability in N/a. Published 2025-08-06.
Is CVE-2025-50286 known to be exploited?: 6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.