CVE-2025-50857
Directory Traversal in ZenTaoPMS Allows Remote Code Execution
Publication date: 2026-02-26
Last updated on: 2026-02-26
Assigner: MITRE
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| zentao | zentao_pms | From 18.11 (inc) to 21.6.beta (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
Can you explain this vulnerability to me?
CVE-2025-50857 is a Remote Code Execution (RCE) vulnerability in ZenTaoPMS versions 18.11 through 21.6.beta. It occurs due to improper handling of file uploads in the /module/ai/control.php component, which allows attackers to upload specially crafted malicious files. This enables attackers to execute arbitrary code on the affected system remotely.
How can this vulnerability impact me?
This vulnerability can have severe impacts as it allows remote attackers to execute arbitrary code on the affected ZenTaoPMS system. This means attackers could potentially take full control of the system, manipulate data, disrupt services, or use the compromised system as a foothold for further attacks.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for the presence of the vulnerable ZenTaoPMS versions (18.11 through 21.6.beta) and monitoring for suspicious file upload activity targeting the /module/ai/control.php endpoint.
Since the vulnerability involves arbitrary code execution via crafted file uploads, you can look for unusual HTTP POST requests to /module/ai/control.php that include suspicious file payloads.
A proof of concept (PoC) exploit is available, which can be used to verify if the system is vulnerable.
- Use network monitoring tools (e.g., Wireshark, tcpdump) to filter HTTP POST requests to /module/ai/control.php.
- Check web server logs for POST requests to /module/ai/control.php with unusual file upload parameters.
- Run vulnerability scanning tools or scripts based on the PoC available at https://github.com/sorzs/opencve/tree/main/CVE-2025-50857.
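One way to carry out the web server log check above, as an added example that is not part of the original page or of ZenTaoPMS. It assumes Common/Combined Log Format access logs; the function names, the `p` parameter and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

ENDPOINT = "/module/ai/control.php"  # path named in the advisory text
# Common/Combined Log Format: ip ident user [time] "METHOD target PROTO" status ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# ".." as a whole path segment, in the path or in a parameter value (CWE-22 pattern)
TRAVERSAL_RE = re.compile(r'(^|[\\/=&?])\.\.([\\/]|$)')

def fully_decode(target, rounds=3):
    """Percent-decode repeatedly so double encoding (%252e%252e%252f) is normalised."""
    for _ in range(rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target

def scan_access_log(lines):
    """Return {client_ip: [(time, status, raw_target, has_traversal), ...]}
    for every POST request whose decoded path contains ENDPOINT."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log line in the assumed format
        ip, when, method, target, status = m.groups()
        decoded = fully_decode(target)
        path = decoded.split("?", 1)[0].replace("\\", "/").lower()
        if method.upper() != "POST" or ENDPOINT not in path:
            continue
        hits[ip].append((when, int(status), target, bool(TRAVERSAL_RE.search(decoded))))
    return dict(hits)

SAMPLE = [  # constructed log lines using documentation IP ranges
    '203.0.113.7 - - [26/Feb/2026:10:01:02 +0000] "POST /module/ai/control.php HTTP/1.1" 200 512 "-" "curl/8.5"',
    '203.0.113.7 - - [26/Feb/2026:10:01:05 +0000] "POST /module/ai/control.php?p=%252e%252e%252fx HTTP/1.1" 200 87 "-" "curl/8.5"',
    '198.51.100.4 - - [26/Feb/2026:10:02:00 +0000] "GET /module/ai/control.php HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [26/Feb/2026:10:03:00 +0000] "POST /index.php HTTP/1.1" 200 10 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, reqs in scan_access_log(SAMPLE).items():
        for when, status, target, traversal in reqs:
            flag = "TRAVERSAL" if traversal else "review"
            print(f"{ip} [{when}] {status} {flag} {target}")
```

A 2xx status on a flagged request is worth prioritising for review; a hit on its own does not prove exploitation.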
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include disabling or restricting access to the file upload functionality at /module/ai/control.php in ZenTaoPMS.
If possible, upgrade ZenTaoPMS to a version later than 21.6.beta where this vulnerability is fixed.
Implement network-level protections such as web application firewalls (WAF) to block malicious file uploads targeting this endpoint.
Monitor logs for suspicious activity and isolate affected systems if exploitation is suspected.