What is CVE-2025-52136?

CVE-2025-52136 is a low-severity vulnerability in Emqx, classified under Improper Check for Unusual or Exceptional Conditions. CVSS score: 3.0/10. Published 2025-08-10.

How severe is CVE-2025-52136?

Low severity. CVSS v3 base score is 3.0 out of 10.

Vulnerability in Emqx

CVE-2025-52136

In EMQX before 5.8.6, administrators can install arbitrary novel plugins via the Dashboard web interface. NOTE: the Supplier's position is that this is the intended behavior; however, 5.8.6 adds a defense-in-depth feature in which a plugin…

EPSS: 0.000 (15.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 3.0 (Low). Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:N.

Affected products

Emqx — versions 0

Weakness classification (CWE)

CWE-754 — Improper Check for Unusual or Exceptional Conditions

References

github.com/ricardojoserf/emqx-RCE
docs.emqx.com/en/emqx/latest/dashboard/introduction.html
docs.emqx.com/en/emqx/latest/deploy/install-docker.html

Frequently asked questions

What is CVE-2025-52136?: CVE-2025-52136 is a low-severity vulnerability in Emqx, classified under Improper Check for Unusual or Exceptional Conditions. CVSS score: 3.0/10. Published 2025-08-10.
How severe is CVE-2025-52136?: Low severity. CVSS v3 base score is 3.0 out of 10.