PT-2025-49759 · 1Panel · 1Panel
Published 2025-12-09 · Updated 2026-01-06 · CVE-2025-66507
CVSS v3.1: 7.5 (High)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
1Panel versions 2.0.13 and below
Description
1Panel is a web-based control panel for Linux server management. In versions 2.0.13 and below, an unauthenticated attacker can bypass CAPTCHA verification on the login flow by manipulating a client-controlled request parameter. The server honors this parameter without any server-side validation, so a client can switch the CAPTCHA check off for its own requests. Because the CAPTCHA is the control that throttles credential guessing against the panel, bypassing it enables automated login attempts (brute force and credential stuffing) and, once a password is guessed, account takeover (ATO).
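To make the flaw class concrete, here is an added Go example that is not 1Panel's code and not taken from the advisory: a login handler whose CAPTCHA check can be switched off by a flag in the request body, next to a hardened handler that decides the requirement from server-side policy and consumes each challenge once. The field name ignoreCaptcha, the path /login, the demo user and the in-memory CAPTCHA store are all constructed assumptions; the advisory does not name the real parameter.

```go
package main

import (
	"crypto/subtle"
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// LoginRequest models a JSON login body. "ignoreCaptcha" is a hypothetical
// field name standing in for the client-controlled parameter.
type LoginRequest struct {
	Name          string `json:"name"`
	Password      string `json:"password"`
	CaptchaID     string `json:"captchaID"`
	Captcha       string `json:"captcha"`
	IgnoreCaptcha bool   `json:"ignoreCaptcha"`
}

// CaptchaPolicy is server-side state: only the server decides whether a
// CAPTCHA is required (always, or e.g. after N failures from one source).
type CaptchaPolicy struct{ Required bool }

// verifyCaptcha checks an answer against an in-memory store
// (captchaID -> expected answer) and consumes the challenge on use.
func verifyCaptcha(store map[string]string, id, answer string) bool {
	want, ok := store[id]
	if !ok {
		return false // unknown or empty ID fails closed
	}
	delete(store, id) // one-time use: a solved challenge cannot be replayed
	return want == answer
}

// vulnerableCaptchaOK reproduces the flaw class: a flag parsed from the
// request body is trusted to turn the check off.
func vulnerableCaptchaOK(store map[string]string, req LoginRequest) bool {
	if req.IgnoreCaptcha {
		return true
	}
	return verifyCaptcha(store, req.CaptchaID, req.Captcha)
}

// hardenedCaptchaOK never reads the client flag; whether a CAPTCHA is needed
// comes from server policy, and anything not verifiable fails closed.
func hardenedCaptchaOK(store map[string]string, policy CaptchaPolicy, req LoginRequest) bool {
	if !policy.Required {
		return true
	}
	return verifyCaptcha(store, req.CaptchaID, req.Captcha)
}

// loginHandler puts a CAPTCHA gate in front of credential validation.
// 400: CAPTCHA missing or wrong (the password is never evaluated)
// 401: CAPTCHA passed, credentials wrong   200: login succeeded
func loginHandler(captchaOK func(LoginRequest) bool, users map[string]string) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		var req LoginRequest
		if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
			http.Error(w, "bad request", http.StatusBadRequest)
			return
		}
		if !captchaOK(req) {
			http.Error(w, "captcha required", http.StatusBadRequest)
			return
		}
		// Constructed demo users map plaintext; real code compares password hashes.
		if subtle.ConstantTimeCompare([]byte(users[req.Name]), []byte(req.Password)) != 1 {
			http.Error(w, "bad credentials", http.StatusUnauthorized)
			return
		}
		fmt.Fprintln(w, "ok")
	}
}

// vulnerableServer and hardenedServer each own one CAPTCHA store holding a
// single outstanding challenge "c1" with answer "x7k2" (constructed).
func vulnerableServer(users map[string]string) http.HandlerFunc {
	store := map[string]string{"c1": "x7k2"}
	return loginHandler(func(r LoginRequest) bool { return vulnerableCaptchaOK(store, r) }, users)
}

func hardenedServer(users map[string]string, policy CaptchaPolicy) http.HandlerFunc {
	store := map[string]string{"c1": "x7k2"}
	return loginHandler(func(r LoginRequest) bool { return hardenedCaptchaOK(store, policy, r) }, users)
}

// postLogin sends a JSON body to the handler (hypothetical path) and returns the status code.
func postLogin(h http.HandlerFunc, body string) int {
	rec := httptest.NewRecorder()
	h(rec, httptest.NewRequest(http.MethodPost, "/login", strings.NewReader(body)))
	return rec.Code
}

func main() {
	users := map[string]string{"admin": "correct-horse"}
	bypass := `{"name":"admin","password":"guess1","ignoreCaptcha":true}`
	fmt.Println("vulnerable, flag set:", postLogin(vulnerableServer(users), bypass)) // 401: password was evaluated
	h := hardenedServer(users, CaptchaPolicy{Required: true})
	fmt.Println("hardened, flag set:  ", postLogin(h, bypass)) // 400: flag ignored
	good := `{"name":"admin","password":"correct-horse","captchaID":"c1","captcha":"x7k2"}`
	fmt.Println("hardened, solved:    ", postLogin(h, good)) // 200
	fmt.Println("hardened, replayed:  ", postLogin(h, good)) // 400: challenge consumed
}
```

The status codes are the point for brute force: with the flag set, the vulnerable handler answers 401, meaning the password guess was actually evaluated and the attacker can iterate freely, while the hardened handler answers 400 and never reaches the credential check. The hardened version also fails closed on an empty or unknown captchaID and deletes a challenge on first use, so one solved CAPTCHA cannot be replayed across many guesses.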
Recommendations
Update to version 2.0.14 or later. The bypass needs no authentication and is reached before any credential check, so until the update is applied, limiting network exposure of the panel's login interface and alerting on bursts of failed login attempts are reasonable interim measures.
Weakness
Authentication Bypass by Spoofing (CWE-290)
Related Identifiers
Affected Products
1Panel