PT-2025-26757 · Unknown · Centos Web Panel

Maxime Rinaudo · Published 2025-06-24 · Updated 2026-05-08

CVE-2025-48703

CVSS v3.1: 9.0 (Critical)
Vector: AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: CWP (aka Control Web Panel or CentOS Web Panel) versions prior to 0.9.8.1205

Description: CWP (Control Web Panel) is susceptible to an unauthenticated remote code execution vulnerability. An attacker who knows a valid, non-root username can exploit this flaw by sending a specially crafted request to the /admin/loader_ajax.php?ajax=filemanager&acc=changePerm endpoint. The vulnerability resides in insufficient filtering of the t_total parameter, which allows shell metacharacters to be injected and executed on the server. This can lead to complete control of the server, including the ability to install backdoors, steal data, and move laterally within the network. Reports indicate active exploitation of this vulnerability, with over 1.8 million potentially vulnerable instances identified. In short, the vulnerability allows attackers to bypass authentication and execute arbitrary commands.

Recommendations: Upgrade CWP to version 0.9.8.1205 or later immediately. Restrict network access to CWP interfaces and implement firewall rules or ACLs.
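A defensive starting point, added here as an example rather than anything taken from the advisory or from CWP itself: a small Python triage script that runs over constructed web-server access-log lines and flags changePerm file-manager requests whose t_total value is not a plain octal mode. It assumes the parameter appears in the logged request line; if it travels in a POST body, the same check would have to run on WAF or reverse-proxy logs instead.

```python
"""Access-log triage for CVE-2025-48703-style requests against CWP.
Added example, not CWP's own code. Assumes t_total is visible in the
logged request line and that a legitimate value is an octal mode (e.g. 755)."""
import re
from urllib.parse import urlsplit, parse_qs

# Combined-log prefix: client IP, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Characters that would let a value break out of a shell command line.
META_RE = re.compile(r'[;&|`$(){}<>\\\n]')
OCTAL_MODE_RE = re.compile(r'[0-7]{3,4}')


def is_suspicious(target: str) -> bool:
    """True for a loader_ajax.php changePerm request whose t_total is not a plain mode."""
    parts = urlsplit(target)
    if not parts.path.endswith('/admin/loader_ajax.php'):
        return False
    q = parse_qs(parts.query, keep_blank_values=True)  # percent-decodes values
    if q.get('ajax') != ['filemanager'] or q.get('acc') != ['changePerm']:
        return False
    return any(META_RE.search(v) or not OCTAL_MODE_RE.fullmatch(v)
               for v in q.get('t_total', []))


def scan(lines):
    """Return (ip, target) for each log line that is_suspicious() flags."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_suspicious(m['target']):
            hits.append((m['ip'], m['target']))
    return hits


# Constructed sample lines: a normal permission change, one with a shell
# metacharacter smuggled into t_total (percent-encoded), one unrelated hit.
SAMPLE_LOG = [
    '203.0.113.5 - - [24/Jun/2025:10:00:01 +0000] "GET /admin/loader_ajax.php?ajax=filemanager&acc=changePerm&t_total=755 HTTP/1.1" 200 12',
    '203.0.113.9 - - [24/Jun/2025:10:00:02 +0000] "GET /admin/loader_ajax.php?ajax=filemanager&acc=changePerm&t_total=755%3Bx HTTP/1.1" 200 12',
    '203.0.113.7 - - [24/Jun/2025:10:00:03 +0000] "GET /admin/index.php HTTP/1.1" 200 512',
]

if __name__ == '__main__':
    for ip, target in scan(SAMPLE_LOG):
        print(f'suspicious changePerm request from {ip}: {target}')
```

Any hit is a reason to confirm the installed CWP version and, if it predates 0.9.8.1205, to patch and review the host for follow-on activity.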

Tags: Exploit · Fix · RCE

Weakness Enumeration: OS Command Injection

Related Identifiers: BDU:2025-07803, CVE-2025-48703

Affected Products: Centos Web Panel