CVE-2025-48703 is a critical vulnerability found in Control Web Panel (CWP), also known as CentOS Web Panel, which impacts versions prior to 0.9.8.1205. This vulnerability allows unauthenticated remote code execution via shell metacharacters in the t_total parameter during a filemanager changePerm request, requiring knowledge of a valid non-root username. The CVSS score for this vulnerability is 9.0, indicating a critical impact on the security of the affected systems.
Organizations exposed to this vulnerability face significant risks, including unauthorized system access, data compromise, and potential service disruptions. The nature of the vulnerability makes it particularly dangerous, as it can be exploited remotely without authentication, allowing attackers to execute arbitrary commands on the affected server.
Given the criticality of this vulnerability and its potential for exploitation, organizations should prioritize patching immediately to mitigate risks. The vulnerability is included in the Known Exploited Vulnerabilities (KEV) catalog, indicating that it is actively being targeted by attackers.
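For defenders who capture request bodies at a WAF or reverse proxy, the check below flags filemanager changePerm requests whose t_total value is anything other than a plain permission mode. It is an added example, not code from CWP or from the vendor's fix. It assumes that a legitimate t_total is a 3- or 4-digit octal mode; the request layout in the constructed samples (module, acc, fileName, currentPath) is also an assumption.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Assumption: a legitimate t_total is a 3- or 4-digit octal mode (644, 0755).
OCTAL_MODE = re.compile(r"[0-7]{3,4}")


def request_params(url, body):
    """Collect query-string and form-body parameters, keeping every duplicate."""
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    pairs += parse_qsl(body, keep_blank_values=True)
    params = {}
    for key, value in pairs:  # values arrive percent-decoded
        params.setdefault(key, []).append(value)
    return params


def is_changeperm(params):
    """Match on values only: the advisory names 'filemanager' and 'changePerm',
    not the parameters that carry them."""
    values = [v.lower() for vs in params.values() for v in vs]
    return (any("filemanager" in v for v in values)
            and any("changeperm" in v for v in values))


def suspicious_t_total(url, body):
    """Return every t_total value that is not a plain octal mode."""
    params = request_params(url, body)
    if not is_changeperm(params):
        return []
    # fullmatch rejects trailing newlines and any extra characters.
    return [v for v in params.get("t_total", []) if not OCTAL_MODE.fullmatch(v)]


# Constructed sample requests (URL, form body); not captured traffic.
CHANGEPERM = "/user1/index.php?module=filemanager&acc=changePerm"
SAMPLES = [
    (CHANGEPERM, "fileName=a.txt&currentPath=/home/user1&t_total=644"),
    (CHANGEPERM, "fileName=a.txt&t_total=644%3Becho+constructed"),
    (CHANGEPERM, "fileName=a.txt&t_total=644&t_total=%24%28true%29"),
    ("/user1/index.php?module=dashboard", "t_total=%3Bx"),
]

if __name__ == "__main__":
    for url, body in SAMPLES:
        hits = suspicious_t_total(url, body)
        print("ALERT" if hits else "ok   ", url, repr(hits))
```

Duplicate t_total parameters are each checked, so a clean first value does not hide a second one that fails the allowlist.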
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
