PT-2025-18727 · Webmin · Webmin

Published: 2025-05-01 · Updated: 2025-06-26 · CVE-2025-2774

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Webmin versions prior to 2.302

Description: A critical vulnerability in Webmin allows authenticated remote attackers to escalate their privileges to root, putting the server at risk of complete compromise. The vulnerability is caused by improper handling of CRLF sequences, which enables attackers to execute arbitrary commands. The consequences are severe: a successful attacker could steal data, disrupt services, or install malware on the compromised system. No widespread exploitation is known to date, but prompt action is advised.

Recommendations: For Webmin versions prior to 2.302, update to version 2.302 or later to resolve the issue. As a temporary workaround, restrict access to the Webmin interface to trusted networks and ensure robust authentication practices. Administrators should also follow security advisories to stay ahead of potential attacks.

Related Identifiers

BDU:2025-05192
CVE-2025-2774
ZDI-25-282

Affected Products

Webmin