PT-2025-42217 · Vestacp · Vestacp
Published 2025-10-15 · Updated 2025-10-15
CVE-2018-25117
CVSS v4.0: 9.3 (Critical)
Vector: AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
VestaCP from commit a3f0fa1 (2018-05-31) through commit ee03eff (2018-06-13)
Description
The VestaCP installer contained malicious code resulting in a supply-chain compromise. Installations created from the compromised installer since at least May 2018 were subject to the installation of Linux/ChachaDDoS, a multi-stage DDoS bot utilizing Lua for its second- and third-stage components. The compromise resulted in the leakage of administrative credentials, specifically base64-encoded admin passwords and server domains, to an external URL during installation. Additionally, the installer dropped and executed a DDoS malware payload with local system privileges. Compromised servers were observed participating in large-scale DDoS activity. Exploitation in the wild was acknowledged in October 2018.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
RCE
Affected Products
Vestacp