CVE-2025-34430

Name of the Vulnerable Software and Affected Versions 1Panel versions 1.10.33 through 2.0.15

Description 1Panel is affected by a cross-site request forgery (CSRF) issue in the panel name management functionality. The affected functionality lacks CSRF protections, such as anti-CSRF tokens or Origin/Referer validation. An attacker can create a malicious webpage that submits a panel-name change request. If a user visits this page while logged in, their browser will include valid session cookies, allowing the request to succeed. This enables a remote attacker to modify the user’s panel name without their knowledge or consent. The vulnerable endpoint does not have sufficient CSRF defenses.

Recommendations Update 1Panel to a version later than 2.0.15. Update 1Panel to a version later than 1.10.33.