Critical Remote Command Execution Vulnerability Exploited in CentOS Web Panel
Summary
A critical remote command execution vulnerability (CVE-2025-48703) in CentOS Web Panel (CWP) is being actively exploited. The flaw allows unauthenticated attackers to execute arbitrary shell commands as a valid user. The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, urging federal entities to patch or discontinue use by November 25. The issue affects all CWP versions before 0.9.8.1204. The vulnerability was demonstrated in late June and reported to CWP on May 13. The fix was released on June 18 in version 0.9.8.1205. CISA did not provide details on the exploitation methods, targets, or origin of the malicious activity.
Timeline
- 05.11.2025 20:26 (1 article)
CISA warns of actively exploited critical CentOS Web Panel bug
CISA added the critical remote command execution vulnerability (CVE-2025-48703) in CentOS Web Panel (CWP) to its Known Exploited Vulnerabilities (KEV) catalog. The flaw allows unauthenticated attackers to execute arbitrary shell commands as a valid user. Federal entities are urged to patch or discontinue use by November 25. The issue affects all CWP versions before 0.9.8.1204. The vulnerability was demonstrated in late June and reported to CWP on May 13. The fix was released on June 18 in version 0.9.8.1205.
- CISA warns of critical CentOS Web Panel bug exploited in attacks — www.bleepingcomputer.com — 05.11.2025 20:26
Information Snippets
- The vulnerability (CVE-2025-48703) allows remote, unauthenticated attackers to execute arbitrary shell commands as a valid user.
  First reported: 05.11.2025 20:26 (1 source, 1 article)
- The flaw affects all CWP versions before 0.9.8.1204.
  First reported: 05.11.2025 20:26 (1 source, 1 article)
- The issue was demonstrated on CentOS 7 in late June by Fenrisk security researcher Maxime Rinaudo.
  First reported: 05.11.2025 20:26 (1 source, 1 article)
- The root cause of the flaw is the file-manager ‘changePerm’ endpoint processing requests even when the per-user identifier is omitted.
  First reported: 05.11.2025 20:26 (1 source, 1 article)
- The ‘t_total’ parameter, which works as a file permission mode in the chmod system command, is passed unsanitized into a shell command, allowing shell injection and arbitrary command execution.
  First reported: 05.11.2025 20:26 (1 source, 1 article)
- The researcher reported the flaw to CWP on May 13, and a fix was released on June 18 in version 0.9.8.1205.
  First reported: 05.11.2025 20:26 (1 source, 1 article)
- CISA added the flaw to the KEV catalog without sharing details about how it is being exploited, the targets, or the origin of the malicious activity.
  First reported: 05.11.2025 20:26 (1 source, 1 article)
- CISA also added CVE-2025-11371, a local file inclusion flaw in Gladinet CentreStack and Triofox products, to the KEV catalog.
  First reported: 05.11.2025 20:26 (1 source, 1 article)
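The ‘changePerm’ and ‘t_total’ snippets above describe the defect class: a permission-mode parameter reaching a shell unvalidated. The following is an added example, not CWP's own code, showing the two defensive controls a practitioner would want (a strict octal whitelist and a chmod call that never touches a shell) plus a log check that flags changePerm requests whose t_total is not a plain mode; the log format and request path are constructed assumptions, only the ‘changePerm’ and ‘t_total’ names come from the page.

```python
import os
import re
import tempfile
from urllib.parse import parse_qs, urlsplit

# A legitimate chmod mode is a 3- or 4-digit octal string; everything else is rejected
# before it can reach any command.
MODE_RE = re.compile(r"^[0-7]{3,4}$")


def is_valid_mode(mode: str) -> bool:
    """Whitelist check for a permission mode such as '755' or '0644'."""
    return bool(MODE_RE.fullmatch(mode))


def change_perm(path: str, mode: str) -> int:
    """Hardened replacement for building 'chmod <mode> <path>' as a shell string:
    validate first, then call os.chmod directly so no shell ever parses user input.
    Returns the mode actually applied (lower 12 bits of st_mode)."""
    if not is_valid_mode(mode):
        raise ValueError(f"rejected mode value: {mode!r}")
    os.chmod(path, int(mode, 8))
    return os.stat(path).st_mode & 0o7777


def change_perm_on_tempfile(mode: str) -> int:
    """Apply change_perm to a fresh temporary file and return the resulting mode."""
    with tempfile.NamedTemporaryFile() as tmp:
        return change_perm(tmp.name, mode)


# Constructed sample access-log lines (assumed Common Log Format; path is a placeholder).
SAMPLE_LOG = """\
203.0.113.5 - - [05/Nov/2025:10:01:02 +0000] "POST /filemanager/changePerm?t_total=755 HTTP/1.1" 200 512
203.0.113.9 - - [05/Nov/2025:10:02:17 +0000] "POST /filemanager/changePerm?t_total=755%20extra HTTP/1.1" 200 512
198.51.100.7 - - [05/Nov/2025:10:03:44 +0000] "GET /filemanager/list HTTP/1.1" 200 2048
"""


def suspicious_changeperm_requests(log_text: str) -> list:
    """Detection pass: return log lines for changePerm requests whose t_total value
    (URL-decoded) is not a plain octal mode, i.e. input the endpoint should have refused."""
    flagged = []
    for line in log_text.splitlines():
        m = re.search(r'"(?:GET|POST) (\S+) HTTP/', line)
        if not m or "changePerm" not in m.group(1):
            continue
        values = parse_qs(urlsplit(m.group(1)).query).get("t_total", [])
        if any(not is_valid_mode(v) for v in values):
            flagged.append(line)
    return flagged
```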