PT-2025-31881 · Ratpanel · Ratpanel
Ltltlxey · Published 2025-08-04 · Updated 2025-08-05 · CVE-2025-53534
CVSS v4.0 base score: 7.7 (High)
Base vector (metrics set to X are not defined): AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
**Name of the Vulnerable Software and Affected Versions:**
RatPanel versions 2.3.19 through 2.5.5
**Description:**
RatPanel, a Go-based server management panel, is susceptible to remote code execution (RCE) and unauthorized access. An attacker who knows the backend login path of RatPanel can execute system commands on, or take over, hosts managed by the panel without completing a login. The root cause is that the `CleanPath` middleware does not write the normalized path back to `r.URL.Path`, so the authentication layer and the router reason about different paths for the same request. The `must login` middleware is therefore bypassed, exposing dangerous interfaces such as `/api/ws/exec` and `/api/ws/ssh`. Exploitation requires activating a session, but does not require completing the full authentication process.
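The following is an added illustration of the bug class described above, written for this page; it is not RatPanel's code and does not reproduce its real middleware chain or routes. It assumes a route table in which `/api/user/login` is a public login route (an assumption; the advisory names only the `/api/ws/*` endpoints), a session cookie named `session` as a stand-in for login state, and a router that matches on a cleaned copy of the path while the login middleware inspects the raw `r.URL.Path`. The session-activation precondition mentioned in the advisory is not modelled. Under those assumptions a request whose path contains dot-segments (sent unnormalized, as `curl --path-as-is` would) is classified as public by the login check yet routed to `/api/ws/exec`; normalizing `r.URL.Path` in place before the login check closes the gap.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"path"
	"strings"
)

// Toy route table standing in for the panel's API. The two /api/ws routes are
// named in the advisory; /api/user/login is an assumed public login route.
var routes = map[string]string{
	"/api/user/login": "login",
	"/api/ws/exec":    "command execution",
	"/api/ws/ssh":     "ssh terminal",
}

// Path prefixes the login middleware lets through without a session (assumption).
var publicPrefixes = []string{"/api/user/login"}

// loggedIn is a stand-in for session validation: a cookie named "session"
// with the value "authenticated" counts as a logged-in user (assumption).
func loggedIn(r *http.Request) bool {
	c, err := r.Cookie("session")
	return err == nil && c.Value == "authenticated"
}

func isPublic(p string) bool {
	for _, pre := range publicPrefixes {
		if strings.HasPrefix(p, pre) {
			return true
		}
	}
	return false
}

// mustLogin decides on r.URL.Path exactly as it reaches the middleware.
func mustLogin(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !isPublic(r.URL.Path) && !loggedIn(r) {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// router matches on a cleaned copy of the path (dot-segments collapsed),
// as a router that normalizes internally would, not on r.URL.Path itself.
func router(w http.ResponseWriter, r *http.Request) {
	name, ok := routes[path.Clean(r.URL.Path)]
	if !ok {
		http.NotFound(w, r)
		return
	}
	fmt.Fprint(w, name)
}

// cleanPathBroken models the flaw: the normalized path is computed but never
// written back to r.URL.Path, so mustLogin still sees the raw path.
func cleanPathBroken(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		_ = path.Clean(r.URL.Path)
		next.ServeHTTP(w, r)
	})
}

// cleanPathFixed normalizes r.URL.Path in place so every later stage
// (login middleware and router) reasons about the same string.
func cleanPathFixed(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		r.URL.Path = path.Clean("/" + r.URL.Path)
		r.URL.RawPath = "" // discard any encoded form; Path is now authoritative
		next.ServeHTTP(w, r)
	})
}

// send runs one request through clean -> mustLogin -> router and returns the
// HTTP status. rawPath is passed through unnormalized, as a client using
// `curl --path-as-is` would send it.
func send(clean func(http.Handler) http.Handler, rawPath string, authenticated bool) int {
	h := clean(mustLogin(http.HandlerFunc(router)))
	req := httptest.NewRequest(http.MethodGet, rawPath, nil)
	if authenticated {
		req.AddCookie(&http.Cookie{Name: "session", Value: "authenticated"})
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	attack := "/api/user/login/../../ws/exec"
	fmt.Println("broken CleanPath, no session  :", send(cleanPathBroken, attack, false)) // 200: bypass
	fmt.Println("fixed CleanPath, no session   :", send(cleanPathFixed, attack, false))  // 401
	fmt.Println("fixed CleanPath, with session :", send(cleanPathFixed, "/api/ws/exec", true)) // 200
}
```

The general lesson is that any middleware ordered before the router must see the same path the router will dispatch on; normalization that only feeds the router (or is computed and discarded) leaves every earlier prefix or allow-list check open to dot-segment confusion.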
**Recommendations:**
RatPanel versions 2.3.19 through 2.5.5 are affected and should be updated to version 2.5.6 or later.
Path traversal