{"id":"CVE-2025-50706","details":"An issue in thinkphp v.5.1 allows a remote attacker to execute arbitrary code via the routecheck function","aliases":["GHSA-mrwc-mvr8-9xq5"],"modified":"2026-04-10T05:29:16.338047Z","published":"2025-08-05T15:15:29.877Z","references":[{"type":"ADVISORY","url":"https://xinyisleep.github.io/CVE-2025-50706.md"},{"type":"EVIDENCE","url":"https://xinyisleep.github.io/2024-04-24/Thinkphp5.1%E6%96%87%E4%BB%B6%E5%8C%85%E5%90%AB-CNVD-2024-29981"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/top-think/framework","events":[{"introduced":"0"},{"last_affected":"0742917f5b216f2b49fcfbf3ea4deff1d7eddddb"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"5.1.0-NA"}]}}],"versions":["5.0","5.0-rc3","5.0-rc4","5.0.11","v5.0.0","v5.0.1","v5.1-beta.1","v5.1-rc.1","v5.1-rc.2","v5.1.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-50706.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}