PT-2025-31939 · Thinkphp · Thinkphp

Xinyisleep

Published

2025-08-05

Updated

2025-08-05

CVE-2025-50706

Report an issue

CVSS v3.1

9.8

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions:

thinkphp version 5.1

Description:

An issue in thinkphp version 5.1 allows a remote attacker to execute arbitrary code via the `routecheck` function. This flaw enables remote, unauthenticated users to include files and run code.

Recommendations:

Upgrade to the latest ThinkPHP version.

Apply a patch to address the issue.

Exploit

Fix

Path traversal

Code Injection

Weakness Enumeration

CWE-22CWE-94

Related Identifiers

CVE-2025-50706

GHSA-MRWC-MVR8-9XQ5

Affected Products

Thinkphp

PT-2025-31939 · Thinkphp · Thinkphp

Weakness Enumeration

Related Identifiers

Affected Products

References · 7