Low severity3.0NVD Advisory· Published Aug 10, 2025· Updated Apr 15, 2026

CVE-2025-52136

Description

In EMQX before 5.8.6, administrators can install arbitrary novel plugins via the Dashboard web interface. NOTE: the Supplier's position is that this is the intended behavior; however, 5.8.6 adds a defense-in-depth feature in which a plugin's acceptability (for later Dashboard installation) is set by the "emqx ctl plugins allow" CLI command.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

docs.emqx.com/en/emqx/latest/dashboard/introduction.htmlnvd
docs.emqx.com/en/emqx/latest/deploy/install-docker.htmlnvd

News mentions

No linked articles in our index yet.

cvss	0.195
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000