Plugin Vulnerability in EMQX Dashboard by EMQ Technologies
CVE-2025-52136

3LOW

Key Information:

Vendor: EMQx
Status: EMQx
Vendor: CVE Published:; 10 August 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-52136?

In EMQX versions before 5.8.6, a vulnerability exists that allows administrators to install arbitrary plugins via the Dashboard web interface. While the vendor suggests that this behavior is intended, it raises significant security concerns as it can lead to unauthorized plugin installs. Following the release of version 5.8.6, a new defensive feature was introduced, enabling administrators to control plugin acceptability by using the 'emqx ctl plugins allow' command in the CLI. This enhancement adds an extra layer of security to plugin management within the EMQX Dashboard.

Affected Version(s)

EMQX 0 < 5.8.6

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-52136
Created by f1r3K0

References

https://github.com/ricardojoserf/emqx-RCE

https://docs.emqx.com/en/emqx/latest/dashboard/introducti...

https://docs.emqx.com/en/emqx/latest/deploy/install-docke...

CVSS V3.1

Score:

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Oct 17, 2025
👾
Exploit known to exist
Oct 17, 2025
Vulnerability published
Aug 10, 2025
Vulnerability Reserved
Jun 16, 2025

JSON

EMQx

Badges

What is CVE-2025-52136?

Affected Version(s)

Exploit Proof of Concept (PoC)

References

CVSS V3.1

Timeline