{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-04T06:20:46.730","vulnerabilities":[{"cve":{"id":"CVE-2025-52136","sourceIdentifier":"cve@mitre.org","published":"2025-08-10T04:15:33.913","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[{"sourceIdentifier":"cve@mitre.org","tags":["disputed"]}],"descriptions":[{"lang":"en","value":"In EMQX before 5.8.6, administrators can install arbitrary novel plugins via the Dashboard web interface. NOTE: the Supplier's position is that this is the intended behavior; however, 5.8.6 adds a defense-in-depth feature in which a plugin's acceptability (for later Dashboard installation) is set by the \"emqx ctl plugins allow\" CLI command."},{"lang":"es","value":"En EMQX anterior a la versión 5.8.6, los administradores podían instalar complementos nuevos a su elección mediante la interfaz web del Dashboard. NOTA: El proveedor considera que este es el comportamiento previsto; sin embargo, la versión 5.8.6 añade una función de defensa en profundidad que permite configurar la aceptabilidad de un complemento (para su posterior instalación en el Dashboard) mediante el comando CLI \"emqx ctl plugins allow\"."}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:N","baseScore":3.0,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.3,"impactScore":1.4}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-754"}]}],"references":[{"url":"https://docs.emqx.com/en/emqx/latest/dashboard/introduction.html","source":"cve@mitre.org"},{"url":"https://docs.emqx.com/en/emqx/latest/deploy/install-docker.html","source":"cve@mitre.org"},{"url":"https://github.com/ricardojoserf/emqx-RCE","source":"cve@mitre.org"},{"url":"https://github.com/ricardojoserf/emqx-RCE","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}}]}