CVE-2025-50286

Published: Aug 6, 2025

Modified: Aug 7, 2025

PUBLISHED

Description

A Remote Code Execution (RCE) vulnerability in Grav CMS v1.7.48 allows an authenticated admin to upload a malicious plugin via the /admin/tools/direct-install interface. Once uploaded, the plugin is automatically extracted and loaded, allowing arbitrary PHP code execution and reverse shell access.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/binneko/CVE-2025-50286

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-50286

Description

Affected Products

References