CVE-2025-50706

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions thinkphp version 5.1

Description An issue in thinkphp version 5.1 allows a remote attacker to execute arbitrary code via the routecheck function. This flaw enables remote, unauthenticated users to include files and run code.

Recommendations Upgrade to the latest ThinkPHP version. Apply a patch to address the issue.

Exploit

Fix

RCE

Path traversal

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22CWE-94

Related Identifiers

BDU:2025-09639

CVE-2025-50706

GHSA-MRWC-MVR8-9XQ5

Affected Products

Thinkphp

CVE-2025-50706

Weakness Enumeration

Related Identifiers

Affected Products

References · 10