CVE-2025-48703
CWP Control Web Panel OS Command Injection Vulnerability
CVSS
—
Sin CVSS
EPSS
99.6%
p100
KEV
SÍ
4 nov 2025
Exploit Today
80
0-100
Publicado: — · Última mod.: —
Producto
CWP / Control Web Panel
Vulnerabilidad
CWP Control Web Panel OS Command Injection Vulnerability
Añadido a KEV
4 nov 2025
Remediar antes de
25 nov 2025
Uso conocido en ransomware
No
Descripción resumida
CWP Control Web Panel (formerly CentOS Web Panel) contains an OS command Injection vulnerability that allows unauthenticated remote code execution via shell metacharacters in the t_total parameter in a filemanager changePerm request. A valid non-root username must be known.
Acción requerida
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Notas
https://control-webpanel.com/changelog ; https://nvd.nist.gov/vuln/detail/CVE-2025-48703