Critical unauthenticated remote code execution vulnerability in CentOS Web Panel through OS command injection in the filemanager module. Actively exploited in the wild with public PoC exploits and Metasploit modules available.
Data Source: CIRCL
Confidence: HIGH
Exploitation Method: DIRECT_NETWORK
CVE Published: 2025-09-19
Added to CISA KEV: 2025-11-04 (46 days between CVE publication and KEV listing)
CVE-2022-44877 is a critical unauthenticated Command Injection vulnerability in Control Web Panel, allowing remote attackers to execute arbitrary OS commands. The vulnerability has been flagged by CISA as a Known Exploited Vulnerability, with published PoCs available. The flaw, tracked as CVE-2025-48703, allows unauthenticated attackers to execute arbitrary commands on affected systems, potentially leading to full server compromise.
CVE-2025-48703 is a Remote Code Execution (RCE) vulnerability in the filemanager module of a web hosting control panel (e.g., cPanel). It occurs due to unsanitized input handling in the acc=changePerm function, which allows an attacker to inject and execute arbitrary system commands using the t_total parameter.
CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1205 allows unauthenticated remote code execution via shell metacharacters in ...
This article addresses a vulnerability that permits an unauthenticated remote attacker to execute arbitrary commands on a CentOS Web Panel server.