Find notable cyber news and cases, enriched with sources, timelines, and signals.

CentOS Web Panel remote command execution flaw (CVE-2025-48703)

Vulnerability
First reported
Last updated
Happening score
H score 1
1 unique sources, 1 articles

Summary

Hide ▲

CentOS Web Panel (CWP) is affected by CVE-2025-48703, a critical remote command execution flaw that lets unauthenticated attackers with a valid username run arbitrary shell commands. CISA says the bug is being actively exploited, and the issue affects all versions before 0.9.8.1204.

Related Happenings

CISA adds CVE-2026-12569 to KEV for PTC Windchill and FlexPLM

Public Sector Action
H score46 First: 26.06.2026 15:31 Last: 26.06.2026 15:31 Sources 1

About this happening: CISA **added CVE-2026-12569** to the **KEV catalog** after finding **active exploitation** of **PTC Windchill PDMlink** and **PTC FlexPLM**, elevating the flaw to a federal remedi...

CISA KEV mitigation for LiteSpeed cPanel Plugin (CVE-2026-54420)

Advisory/Mitigation
H score38 First: 16.06.2026 08:41 Last: 16.06.2026 08:41 Sources 1

About this happening: CISA put **CVE-2026-54420** in **LiteSpeed cPanel Plugin** on the **KEV catalog**, ordering **FCEB agencies** to apply fixes by **June 18, 2026**. The flaw is a **CVSS 8.5 privile...

CISA KEV order for SolarWinds Serv-U CVE-2026-28318

Public Sector Action
H score50 First: 06.06.2026 11:14 Last: 06.06.2026 11:14 Sources 1

About this happening: **CISA** added **CVE-2026-28318** affecting **SolarWinds Serv-U** to the **KEV catalog** and ordered **FCEB agencies** to remediate it by **June 19, 2026**. The directive expands...

CISA KEV listing for Wing FTP CVE-2025-47813

Public Sector Action
H score38 First: 17.03.2026 07:23 Last: 17.03.2026 07:23 Sources 1

About this happening: CISA added **CVE-2025-47813** in **Wing FTP Server** to the **KEV catalog** after evidence of **active exploitation**, putting the flaw under formal government tracking. The listi...

CISA KEV remediation deadline for SolarWinds WHD CVE-2025-40551

Public Sector Action
H score53 First: 04.02.2026 07:50 Last: 04.02.2026 07:50 Sources 1

About this happening: **CISA** added **CVE-2025-40551** in **SolarWinds Web Help Desk** to the **KEV catalog** and imposed **federal remediation deadlines**, turning a newly exploited flaw into a compl...

Timeline

  1. 05.11.2025 20:26 2 articles · 8mo ago

    CentOS Web Panel remote command execution flaw (CVE-2025-48703)

    Initial Disclosure

    **CVE-2025-48703** surfaced as a high-severity CWP command-execution flaw affecting versions before **0.9.8.1204**. The issue was later placed in **CISA’s KEV catalog** after exploitation activity was identified.

    Show sources