CVE-2025-50706

Description

An issue in ThinkPHP Framework v.5.1 allows a remote attacker to execute arbitrary code via the routecheck function.

How to fix CVE-2025-50706

No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.

• Packagist/topthink/framework—no fix listed

Is CVE-2025-50706 being exploited?

Low — EPSS is 4.4%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, <= 5.1.41

CVSS scores

References (4)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2025-50706
• PATCHgithub.com/top-think/framework
• WEBxinyisleep.github.io/2024-04-24/Thinkphp5.1%E6%96%87%E4%BB%B6%E5%8C%85%E5%90%AB-CNVD-2024-29981
• WEBxinyisleep.github.io/CVE-2025-50706.md