Vestacp · Vestacp · CVE-2021-30463
**Name of the Vulnerable Software and Affected Versions**
VestaCP versions prior to 0.9.8-25
**Description**
The issue allows a local attacker to gain privileges by creating symlinks to files for which they lack permissions: because VestaCP applies chmod unsafely to user-controlled paths, the permission change is applied to the symlink target instead of the intended file. This lets the attacker read the RKEY value from `user.conf` under the `/usr/local/vesta/data/users/admin` directory; the admin password can then be changed via a "/reset/?action=confirm&user=admin&code=" URI. The root cause is the unsafe use of chmod.
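A symlink-safe chmod pattern that addresses the root cause described above, as an added example (not VestaCP's own code): it combines a realpath scope check with `O_NOFOLLOW` and `fchmod`, and runs against a constructed temporary directory layout whose paths and file names are assumptions.

```python
import os
import stat
import tempfile


def safe_chmod(path: str, mode: int, base_dir: str) -> bool:
    """chmod ``path`` only if it resolves inside ``base_dir`` and is not
    itself a symlink. O_NOFOLLOW makes open() fail with ELOOP on a link,
    and the mode is applied to the descriptor, so a user who swaps a file
    for a symlink cannot redirect the permission change."""
    real_base = os.path.realpath(base_dir)
    real_path = os.path.realpath(path)
    if os.path.commonpath([real_base, real_path]) != real_base:
        return False  # symlinked parent directory leads out of scope
    try:
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_CLOEXEC)
    except OSError:  # ELOOP for a symlink; ENOENT if missing
        return False
    try:
        os.fchmod(fd, mode)
    finally:
        os.close(fd)
    return True


def demo() -> dict:
    """Constructed layout: user.conf in a data dir, a file outside it, and two
    planted symlinks (one out of scope, one to an in-scope file)."""
    root = tempfile.mkdtemp()
    data_dir = os.path.join(root, "data", "users", "example")
    os.makedirs(data_dir)
    user_conf = os.path.join(data_dir, "user.conf")
    outside = os.path.join(root, "outside.conf")  # stand-in for a protected file
    for p in (user_conf, outside):
        with open(p, "w") as fh:
            fh.write("constructed\n")
        os.chmod(p, 0o600)
    link_out = os.path.join(data_dir, "planted-out.conf")
    link_in = os.path.join(data_dir, "planted-in.conf")
    os.symlink(outside, link_out)
    os.symlink(user_conf, link_in)
    return {
        "regular": safe_chmod(user_conf, 0o640, data_dir),   # True
        "link_out": safe_chmod(link_out, 0o666, data_dir),   # False
        "link_in": safe_chmod(link_in, 0o666, data_dir),     # False
        "outside_mode": stat.S_IMODE(os.stat(outside).st_mode),  # 0o600
        "user_mode": stat.S_IMODE(os.stat(user_conf).st_mode),   # 0o640
    }
```

The realpath check is only advisory against races; the `O_NOFOLLOW` open plus `fchmod` on the descriptor is what prevents the final component from being swapped for a link between check and use.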
**Recommendations**
For VestaCP versions prior to 0.9.8-25, update to version 0.9.8-25 or later to resolve the issue. As a temporary workaround, consider restricting access to the `/reset/` API endpoint to minimize the risk of exploitation. Additionally, restrict write access to the `/usr/local/vesta/data/users/admin` directory to prevent unauthorized modifications.