216.73.217.64

CVE-2025-54424

· Published 01/08/2025 23:15 · Modified 01/08/2025 23:15

Labels: CVE-2025-54424 2025-08-01CVE-2025-54424CWE-77[email protected]

Essential information

Published
01/08/2025 23:15
Modified
01/08/2025 23:15
Author
Creator
CVSS
8.1 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS metrics

Description

1Panel is a web interface and MCP Server that manages websites, files, containers, databases, and LLMs on a Linux server. In versions 2.0.5 and below, the HTTPS protocol used for communication between the Core and Agent endpoints has incomplete certificate verification during certificate validation, leading to unauthorized interface access. Due to the presence of numerous command execution or high-privilege interfaces in 1Panel, this results in Remote Code Execution (RCE). This is fixed in version 2.0.6. The CVE has been translated from Simplified Chinese using GitHub Copilot.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
1panel / 1panel cpe:2.3:a:1panel:1panel:<2.0.6:*:*:*:*:*:*:*

References