Skip to main content

1Panel CVE-2025-34429

HIGH
Cross-Site Request Forgery (CSRF) (CWE-352)
2025-12-10 disclosure@vulncheck.com
7.0
CVSS 4.0 · Vendor: vulncheck
Share

Severity by source

Vendor (vulncheck) PRIMARY
7.0 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
7.1 HIGH

Remote CSRF needs no attacker privileges (PR:N) but a logged-in victim must visit attacker content (UI:R); impact is availability-dominant (A:H) with minor config integrity (I:L) and no confidentiality (C:N).

3.1 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (vulncheck).

CVSS VectorVendor: vulncheck

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
A
Scope
X

Lifecycle Timeline

2
Analysis Generated
Jul 14, 2026 - 23:32 vuln.today
CVE Published
Dec 10, 2025 - 19:16 cve.org
HIGH 7.0

DescriptionCVE.org

1Panel versions 1.10.33 - 2.0.15 contain a cross-site request forgery (CSRF) vulnerability in the web port configuration functionality. The port-change endpoint lacks CSRF defenses such as anti-CSRF tokens or Origin/Referer validation. An attacker can craft a malicious webpage that submits a port-change request; when a victim visits it while authenticated, the browser includes valid session cookies and the request succeeds. This allows an attacker to change the port on which the 1Panel web service listens, causing loss of access on the original port and resulting in service disruption or denial of service, and may unintentionally expose the service on an attacker-chosen port.

AnalysisAI

Cross-site request forgery in 1Panel (versions 1.10.33 through 2.0.15) lets a remote attacker change the TCP port the web management service listens on by luring an authenticated administrator to a malicious webpage. Because the port-change endpoint has no anti-CSRF token or Origin/Referer checks, the victim's browser silently replays valid session cookies, moving the panel off its expected port and causing loss of access, denial of service, or unintended exposure on an attacker-chosen port. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the flaw is trivially craftable given the described missing defenses.

Technical ContextAI

1Panel (vendor fit2cloud, project 1Panel-dev, CPE cpe:2.3:a:fit2cloud:1panel) is an open-source Linux server operations and management panel that exposes a web UI for administering hosts, containers, websites, and system settings. The weakness is CWE-352 (Cross-Site Request Forgery): the HTTP endpoint that reconfigures the web service listening port performs a state-changing action based solely on the presence of an authenticated session cookie, with no unpredictable per-request token and no server-side validation of the request's Origin or Referer header. Browsers automatically attach same-site session cookies to any request the panel's own domain, so a request forged by an unrelated attacker page is indistinguishable from a legitimate one to the server, allowing the sensitive configuration change to be driven cross-site.

RemediationAI

Upgrade 1Panel to a release later than 2.0.15 from https://github.com/1Panel-dev/1Panel/releases once a fixed version is published; the provided data does not name an exact patched version, so verify the fix in the release notes before deploying. Consult the VulnCheck advisory at https://www.vulncheck.com/advisories/1panel-csrf-web-port-configuration-change for authoritative details. Until a confirmed patched build is applied, reduce exposure by restricting the panel's management interface to a trusted management network or VPN and blocking direct internet access to it (trade-off: administrators lose convenient remote reach and must connect through the VPN), by having administrators log out of 1Panel when not actively using it to shrink the window in which a forged request can ride a live session, and by fronting the panel with a reverse proxy that enforces Origin/Referer validation or requires a custom header on state-changing requests (trade-off: added proxy configuration and potential breakage of legitimate automation). Browser-side isolation - using a dedicated browser or profile for the panel and not browsing other sites in it - further limits CSRF opportunity.

More in 1panel

View all
CVE-2024-39911 CRITICAL POC
9.8 Jul 18

1Panel is a web-based linux server management control panel. Rated critical severity (CVSS 9.8), this vulnerability is r

CVE-2024-39907 CRITICAL POC
9.8 Jul 18

1Panel is a web-based linux server management control panel. Rated critical severity (CVSS 9.8), this vulnerability is r

CVE-2024-2352 CRITICAL POC
9.8 Mar 10

A vulnerability, which was classified as critical, has been found in 1Panel up to 1.10.1-lts. Rated critical severity (C

CVE-2023-39966 CRITICAL POC
9.8 Aug 10

1Panel is an open source Linux server operation and maintenance management panel. Rated critical severity (CVSS 9.8), th

CVE-2023-37477 HIGH POC
8.8 Jul 18

1Panel is an open source Linux server operation and maintenance management panel. Rated high severity (CVSS 8.8), this v

CVE-2023-36458 HIGH POC
8.8 Jul 05

1Panel is an open source Linux server operation and maintenance management panel. Rated high severity (CVSS 8.8), this v

CVE-2023-36457 HIGH POC
8.8 Jul 05

1Panel is an open source Linux server operation and maintenance management panel. Rated high severity (CVSS 8.8), this v

CVE-2024-34352 HIGH POC
7.5 May 14

1Panel is an open source Linux server operation and maintenance management panel. Rated high severity (CVSS 7.5), this v

CVE-2023-39964 HIGH POC
7.5 Aug 10

1Panel is an open source Linux server operation and maintenance management panel. Rated high severity (CVSS 7.5), this v

CVE-2023-39965 MEDIUM POC
4.3 Aug 10

1Panel is an open source Linux server operation and maintenance management panel. Rated medium severity (CVSS 4.3), this

CVE-2024-24768 HIGH
7.5 Feb 05

1Panel is an open source Linux server operation and maintenance management panel. Rated high severity (CVSS 7.5), this v

CVE-2024-27288 LOW POC
3.1 Mar 06

1Panel is an open source Linux server operation and maintenance management panel. Rated low severity (CVSS 3.1), this vu

Share

CVE-2025-34429 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy