CVE-2025-50857
Received Received - Intake
Directory Traversal in ZenTaoPMS Allows Remote Code Execution

Publication date: 2026-02-26

Last updated on: 2026-02-26

Assigner: MITRE

Description
ZenTaoPMS v18.11 through v21.6.beta is vulnerable to Directory Traversal in /module/ai/control.php. This allows attackers to execute arbitrary code via a crafted file upload
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-26
Last Modified
2026-02-26
Generated
2026-06-16
AI Q&A
2026-02-26
EPSS Evaluated
2026-06-15
NVD
CVE-2025-50857
EUVD
EUVD-2025-208123
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
zentao zentao_pms From 18.11 (inc) to 21.6.beta (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

I don't know

Executive Summary

CVE-2025-50857 is a Remote Code Execution (RCE) vulnerability in ZenTaoPMS versions 18.11 through 21.6.beta. It occurs due to improper handling of file uploads in the /module/ai/control.php component, which allows attackers to upload specially crafted malicious files. This enables attackers to execute arbitrary code on the affected system remotely.

Impact Analysis

This vulnerability can have severe impacts as it allows remote attackers to execute arbitrary code on the affected ZenTaoPMS system. This means attackers could potentially take full control of the system, manipulate data, disrupt services, or use the compromised system as a foothold for further attacks.

Detection Guidance

This vulnerability can be detected by checking for the presence of the vulnerable ZenTaoPMS versions (18.11 through 21.6.beta) and monitoring for suspicious file upload activity targeting the /module/ai/control.php endpoint.

Since the vulnerability involves arbitrary code execution via crafted file uploads, you can look for unusual HTTP POST requests to /module/ai/control.php that include suspicious file payloads.

A proof of concept (PoC) exploit is available, which can be used to verify if the system is vulnerable.

  • Use network monitoring tools (e.g., Wireshark, tcpdump) to filter HTTP POST requests to /module/ai/control.php.
  • Check web server logs for POST requests to /module/ai/control.php with unusual file upload parameters.
  • Run vulnerability scanning tools or scripts based on the PoC available at https://github.com/sorzs/opencve/tree/main/CVE-2025-50857.
Mitigation Strategies

Immediate mitigation steps include disabling or restricting access to the file upload functionality at /module/ai/control.php in ZenTaoPMS.

If possible, upgrade ZenTaoPMS to a version later than 21.6.beta where this vulnerability is fixed.

Implement network-level protections such as web application firewalls (WAF) to block malicious file uploads targeting this endpoint.

Monitor logs for suspicious activity and isolate affected systems if exploitation is suspected.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-50857. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart