PT-2025-31842 · Zpanel · Zpanel
Published: 2025-08-04 · Updated: 2025-08-04
CVE-2013-10052
CVSS v4.0: 8.5 (High)
Vector: AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
ZPanel (affected versions not specified)
Description
ZPanel includes a helper binary named zsudo, designed for restricted privilege escalation for administrative tasks. If incorrectly configured in /etc/sudoers, zsudo can be invoked by low-privileged users to execute arbitrary commands as root. This allows local attackers with shell access to escalate privileges by writing a payload to a writable directory and executing it via zsudo. The issue is particularly impactful following web server compromise, where the attacker inherits access to zsudo.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
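With no fixed version known, a host can be checked for the misconfiguration described above by auditing its sudoers rules for grants that let a non-administrative principal run zsudo as root. The following is an added example, not code from this advisory or from ZPanel; the function names, the trusted-principal set and the /opt/panel/bin/zsudo path in the sample are assumptions.

```python
import re

# Principals that already hold full root rights (assumption; adjust per host).
TRUSTED = {"root", "%wheel", "%sudo"}
SKIP = ("Defaults", "User_Alias", "Runas_Alias", "Host_Alias", "Cmnd_Alias")
SPEC = re.compile(r"^(\S+)\s+\S+\s*=\s*(?:\(([^)]*)\)\s*)?(.+)$")

def logical_lines(text):
    """Yield (first_line_no, text) with comments dropped and '\\' continuations joined."""
    buf, start = "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()  # simplification: '#include' and '#uid' are dropped too
        start = start or no
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        if (buf + line).strip():
            yield start, (buf + line).strip()
        buf, start = "", 0

def audit_zsudo(text, binary="zsudo", trusted=TRUSTED):
    """Return (line_no, principal, nopasswd, path) for each grant of `binary` as root."""
    findings = []
    for no, line in logical_lines(text):
        m = SPEC.match(line)
        if line.startswith(SKIP) or not m or m[1] in trusted:
            continue
        runas_users = (m[2] if m[2] is not None else "root").split(":")[0]
        if not {u.strip() for u in runas_users.split(",")} & {"root", "ALL"}:
            continue  # the rule does not run the command as root
        nopasswd = False  # tags carry over to later commands in the same list
        for cmd in (c.strip() for c in m[3].split(",")):
            tags = re.match(r"(?:[A-Z_]+:\s*)*", cmd)
            for tag in re.findall(r"[A-Z_]+", tags.group()):
                nopasswd = {"NOPASSWD": True, "PASSWD": False}.get(tag, nopasswd)
            path = (cmd[tags.end():].split() or [""])[0]
            if path.rsplit("/", 1)[-1] == binary:
                findings.append((no, m[1], nopasswd, path))
    return findings

# Constructed sample; /opt/panel/bin/zsudo is a placeholder path, not from the advisory.
SAMPLE = """\
root    ALL=(ALL:ALL) ALL
# web server account can reach the helper without a password
www-data ALL=(root) NOPASSWD: \\
    /opt/panel/bin/zsudo
%panelops ALL = /usr/bin/systemctl restart httpd, /opt/panel/bin/zsudo
backup  ALL=(backup) NOPASSWD: /opt/panel/bin/zsudo
"""
```

On a real host, pass audit_zsudo the contents of /etc/sudoers and of each file under /etc/sudoers.d. Any finding for a web server or other service account is the exposure this entry describes, and `sudo -l -U <user>` confirms the effective rules for that account.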
LPE
Improper Privilege Management
Affected Products
Zpanel