LeakyCreds

CVE-2025-50857 - Vulnerability Analysis

Severity: Critical
CVSS: 9.8

Last Updated: February 27, 2026

ZenTaoPMS - Remote Code Execution

Published: February 26, 2026
Updated: February 27, 2026
Remote Exploitable

Overview

ZenTaoPMS v18.11 through v21.6.beta contains a directory traversal vulnerability caused by improper validation in /module/ai/control.php. It lets attackers execute arbitrary code via a crafted file upload.

Severity & Score

Severity: Critical
CVSS Score: 9.8
EPSS Score: 57.9% (probability of exploitation in the next 30 days)

Impact

Attackers can execute arbitrary code remotely, potentially leading to full system compromise.

Mitigation

Update to the latest version of ZenTaoPMS.

Social Media Activity (1 post)

TheHackerWire
@thehackerwire
Feb 28, 2026

🔴 CVE-2025-50857 - Critical (9.8) ZenTaoPMS v18.11 through v21.6.beta is vulnerable to Directory Traversal in /module/ai/control.php. This allows attackers to execute arbitrary code via a crafted file upload 🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-50857/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Details

CVE ID: CVE-2025-50857
Severity: Critical
CVSS Score: 9.8
Type: unrestricted_file_upload
Status: unconfirmed
EPSS: 57.9%
Social Posts: 1

CWE

  • CWE-22

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

57.9% (probability of exploitation in the next 30 days)