CVE-2025-66507

EPSS 0.1%
Veröffentlicht 09.12.2025 01:25:48
Zuletzt bearbeitet 10.12.2025 21:28:33
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

1Panel is an open-source, web-based control panel for Linux server management. Versions 2.0.13 and below allow an unauthenticated attacker to disable CAPTCHA verification by abusing a client-controlled parameter. Because the server previously trusted this value without proper validation, CAPTCHA protections can be bypassed, enabling automated login attempts and significantly increasing the risk of account takeover (ATO). This issue is fixed in version 2.0.14.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 3 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Fit2cloud ≫ 1panel Version < 2.0.14

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.1%	0.277

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-290 Authentication Bypass by Spoofing

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

CWE-602 Client-Side Enforcement of Server-Side Security

The product is composed of a server that relies on the client to implement a mechanism that is intended to protect the server.

CWE-807 Reliance on Untrusted Inputs in a Security Decision

The product uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism.

https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-qmg5-v42x-qqhq

Vendor Advisory

https://github.com/1Panel-dev/1Panel/commit/ac43f00273be745f8d04b90b6e2b9c1a40ef7bca

Patch

https://github.com/1Panel-dev/1Panel/releases/tag/v2.0.14

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2025-66507

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-66507

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-66507

EUVD