LeakyCreds
NewInstant webhook alerts now available — notified within seconds of any credential detection.Learn more →
Home / Vulnerability Intelligence / CVE-2025-50857

CVE-2025-50857 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: February 26, 2026

ZenTaoPMS - Remote Code Execution

Published: February 26, 2026Updated: February 26, 2026Remote Exploitable

Overview

ZenTaoPMS v18.11 through v21.6.beta contains a directory traversal vulnerability caused by improper validation in /module/ai/control.php, letting attackers execute arbitrary code via crafted file upload.

Severity & Score

Severity: Critical
CVSS Score: 9.8

Impact

Attackers can execute arbitrary code remotely, potentially leading to full system compromise.

Mitigation

Update to the latest version of ZenTaoPMS.

References

Related Resources

Details

CVE ID
CVE-2025-50857
Severity
Critical
CVSS Score
9.8
Type
unrestricted_file_upload
Status
new

CWE

  • CWE-22

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H