πŸ”΄ CVE-2025-48703

Critical unauthenticated remote code execution vulnerability in CentOS Web Panel through OS command injection in the filemanager module. Actively exploited in the wild with public PoC exploits and Metasploit modules available.

← Back to Overview
HIGH_RISK
Risk Level
9.0
CVSS Score
NETWORK
Attack Vector
Initial Access
ATT&CK Tactic
T1190 β€” Exploit Public-Facing Application
ATT&CK Technique
VERY_HIGH
Deployment Risk
No
Ransomware

πŸ“‹ Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2025-09-19

Added to CISA KEV: 2025-11-04 46 DAYS BETWEEN CVE AND KEV

🎯 Recommendations:

πŸ” Web Intelligence (Kagi Β· 2025-11-04)

CVE-2025-48703 is a critical remote code execution (RCE) vulnerability affecting Control Web Panel (CWP), also known as CentOS Web Panel, versions prior to 0.9.8.1205 [4][3].

Here's a breakdown of what is known about its exploitation:

  • Affected Applications/Services: The vulnerability affects web hosting control panels, specifically the filemanager module in CWP [2].
  • Internet-Facing: It allows an unauthenticated remote attacker to execute arbitrary commands on a CentOS Web Panel server [5].
  • Active Exploitation: The vulnerability is actively exploited in the wild [9][8].
  • Attack Vectors/Exploitation Methods:
* Unsanitized input handling in the `acc=changePerm` function within the filemanager module allows injection and execution of arbitrary system commands using the `t_total` parameter [2][7]. * The vulnerability can be exploited by unauthenticated attackers, potentially leading to full server compromise [1]. * Public Proof-of-Concept (PoC) exploits and Metasploit modules are available, increasing the risk of exploitation [6][1].
  • Targeted Attacks: While not explicitly stated, the active exploitation and the existence of public exploits and Metasploit modules suggest it could be used in targeted attacks [6][1].
  • CISA KEV Status: CISA has added CVE-2025-48703 to its Known Exploited Vulnerabilities (KEV) Catalog, urging organizations to remediate it promptly [6][1].
  • Technical Details/Internet Exploitability:
* The vulnerability allows unauthenticated remote code execution via shell metacharacters in the `t_total` parameter of a filemanager `changePerm` request [4][3]. * Successful exploitation allows an attacker to execute arbitrary commands on affected systems [1]. * Exploitation requires knowledge of a valid non-root username [7][10].

Sources

  1. CVE-2022-44877 - Exploits & Severity - Feedly

    CVE-2022-44877 is a critical unauthenticated Command Injection vulnerability in Control Web Panel, allowing remote attackers to execute arbitrary OS commands. The vulnerability has been flagged by CISA as a Known Exploited Vulnerability, with published PoCs available.The flaw, tracked as CVE-2025-48…

  2. Skynoxk/CVE-2025-48703: Remote Code execution in CentOS web panel - GitHub

    CVE-2025-48703 is a Remote Code Execution (RCE) vulnerability in the filemanager module of a web hosting control panel (e.g., cPanel). It occurs due to unsanitized input handling in the acc=changePerm function, which allows an attacker to inject and execute arbitrary system commands using the t_tota…

  3. CentOS Web Panel - RCE (CVE-2025-48703)

    CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1205 allows unauthenticated remote code execution via shell metacharacters in ...

  4. CVE-2025-48703

    CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1205 allows unauthenticated remote code execution via shell metacharacters in ...

  5. Remote code execution in CentOS Web Panel - CVE-2025 ...

    This article addresses a vulnerability that permits an unauthenticated remote attacker to execute arbitrary commands on a CentOS Web Panel server.

Generated by PatchNow Intelligence System

Analysis based on CIRCL.LU data, Claude AI assessment, and MITRE ATT&CK framework

πŸ“„ Download JSON Data | πŸ“‘ RSS Feed