PT-2023-19953 · Pterodactyl · Wings

Astro-Angelfish · Published 2023-02-08 · Updated 2024-08-20 · CVE-2023-25168

CVSS v3.1: 9.6 (Critical)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions:
Wings versions prior to v1.11.4
Wings versions prior to v1.7.4

Description: This issue affects Wings, Pterodactyl's server control plane, allowing an attacker to delete files and directories recursively on the host system. The vulnerability can be combined with other issues to overwrite files on the host system. An attacker must have an existing server allocated and controlled by Wings to exploit this issue. The vulnerability can potentially allow attackers to change resource allocations, promote containers to privileged mode, or add ssh authorized keys for remote access.

Recommendations: For versions prior to v1.11.4, upgrade to v1.11.4. For versions prior to v1.7.4, upgrade to v1.7.4. As there are no known workarounds for this issue, upgrading to the specified versions is the recommended course of action.

Exploit

Fix

Link Following

Weakness Enumeration

Related identifiers

CVE-2023-25168
GHSA-66P8-J459-RQ63
GHSA-P8R3-83R8-JWJ5
GO-2023-1555

Affected products

Wings