CVE-2025-50286 – Grav CMS Remote Code Execution

August 6, 2025

CVE ID : CVE-2025-50286

Published : Aug. 6, 2025, 3:15 p.m. | 8 hours, 29 minutes ago

Description : A Remote Code Execution (RCE) vulnerability in Grav CMS v1.7.48 allows an authenticated admin to upload a malicious plugin via the /admin/tools/direct-install interface. Once uploaded, the plugin is automatically extracted and loaded, allowing arbitrary PHP code execution and reverse shell access.

Severity: 8.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-53786 – Microsoft Exchange Server Hybrid Deployment Authentication Bypass Vulnerability

Next Article CVE-2025-3320 – IBM Tivoli Monitoring Heap-Based Buffer Overflow Vulnerability

Elastic simplifies log analytics for SREs and developers with launch of Log Essentials

OpenAI launches GPT-5

Melissa brings its data quality solutions to Azure with new SSIS integration

Automating Design Systems: Tips And Resources For Getting Started

This $180 mini projector has no business being this good for the price

GPT-5 is finally here, and you can access it for free today – no subscription needed

Changing this Android setting instantly doubled my phone speed (Samsung and Google models included)

ChatGPT can now talk nerdy to you – plus more personalities and other upgrades beyond GPT-5

Advanced Application Architecture through Laravel’s Service Container Management

Advanced Application Architecture through Laravel’s Service Container Management

Switch Between Personas in Laravel With the MultiPersona Package

AI-Driven Smart Tagging and Metadata in AEM Assets

Bill Gates on AI’s Impact: ‘Be Curious, Read, and Use the Latest Tools’

Bill Gates on AI’s Impact: ‘Be Curious, Read, and Use the Latest Tools’

Halo Infinite’s Fall Update: New Features and Modes to Revive the Game?

Forza Motorsport’s Future in Jeopardy: Fans Demand Clarity from Microsoft

CVE-2025-50286 – Grav CMS Remote Code Execution

Microsoft to Pull Plug on Shared EWS Access in Hybrid Exchange by October

Google Confirms Salesforce Database Breach by ShinyHunters Group

CVE-2025-5647 – Radare2 Radiff2 Memory Corruption Vulnerability

Infortrend NAS CS4000U Storage Cost and Price in India – Affordable and Reliable

CVE-2024-13966 – ZKTeco BioTime Default Password Authentication Bypass

CVE-2025-46789 – Zoom Windows Buffer Overflow Denial of Service

Animating in Frames: Repeating Image Transition

Windows 11 Gets New UI Customization: Reposition System Indicator Bar to Top-Center or Top-Left

‘It was clear that Xbox was the best option,” Towerborne developers discuss early access, the superpower of having a community, working with Microsoft, and more

JetBrains YouTrack Price Hike: New Plans & Features Arrive October 1, 2025

CVE-2025-50286 – Grav CMS Remote Code Execution

Related Posts