CVE-2025-52136 – EMQX Unvalidated Plugin Installation Vulnerability

CVE ID : CVE-2025-52136

Published : Aug. 10, 2025, 4:15 a.m. | 1 hour, 20 minutes ago

Description : In EMQX before 5.8.6, administrators can install arbitrary novel plugins via the Dashboard web interface. NOTE: the Supplier’s position is that this is the intended behavior; however, 5.8.6 adds a defense-in-depth feature in which a plugin’s acceptability (for later Dashboard installation) is set by the “emqx ctl plugins allow” CLI command.

Severity: 3.0 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…