Home / Vulnerability Intelligence / CVE-2025-50881

CVE-2025-50881 - Vulnerability Analysis

HighCVSS: 8.8

Last Updated: March 17, 2026

Use It Flow - Remote Code Execution

Published: March 16, 2026Updated: March 17, 2026PoC AvailableRemote Exploitable

Overview

Use It Flow < 10.0.0 contains a remote code execution caused by insufficient validation of the 'action' parameter in flow/admin/moniteur.php, letting unauthenticated attackers execute arbitrary PHP code via eval(), exploit requires crafted input bypassing method_exists() check.

Severity & Score

Severity: High

CVSS Score: 8.8

EPSS Score: 19.7%(Probability of exploitation in next 30 days)

Impact

Unauthenticated attackers can execute arbitrary PHP code on the server, potentially leading to full server compromise.

Mitigation

Update to version 10.0.0 or later.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 18, 2026

🟠 CVE-2025-50881 - High (8.8) The `flow/admin/moniteur.php` script in Use It Flow administration website before 10.0.0 is vulnerable to Remote Code Execution. When handling GET requests, the script takes user-supplied input from the `action` URL parameter, performs insufficien... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-50881/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

GitHub Repositories(1 repo)

https://github.com/0xdeadbit/CVE-2025-50881

Related Resources

Details

CVE ID: CVE-2025-50881
Severity: High
CVSS Score: 8.8
Type: command_injection
Status: unconfirmed
EPSS: 19.7%
Social Posts: 1

CWE

CWE-94

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

19.7%Probability of exploitation in the next 30 days