CVE-2025-50286

CVE Details

Basic Information

Title CVE-2025-50286
Type cve
Published 2025-08-06T15:15:32
Last Seen 2025-08-06T15:49:46
Modified 2025-08-06T15:15:32

CVSS Information

Base Score 8.1 (HIGH)
Attack Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Analysis

AI Description A Remote Code Execution (RCE) vulnerability in Grav CMS v1.7.48 allows authenticated admins to upload malicious plugins, enabling arbitrary PHP code execution and reverse shell access.
AI Severity High
AI Vendor Grav Community
AI Product Grav CMS
AI Version 1.7.48

Additional Information

CVE List CVE-2025-50286
CWE List CWE-434
Bulletin Family cve

Description

A Remote Code Execution (RCE) vulnerability in Grav CMS v1.7.48 allows an authenticated admin to upload a malicious plugin via the /admin/tools/direct-install interface. Once uploaded, the plugin is automatically extracted and loaded, allowing arbitrary PHP code execution and reverse shell access.
