Skip to main content

1panel CVE-2025-54424

HIGH
Command Injection (CWE-77)
2025-08-01 security-advisories@github.com
Command Injection RCE 1panel Suse
8.1
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
8.1 HIGH
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
SUSE
HIGH
qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
Mar 28, 2026 - 19:04 vuln.today
Patch released
Mar 28, 2026 - 19:04 nvd
Patch available
PoC Detected
Aug 26, 2025 - 16:53 vuln.today
Public exploit code
CVE Published
Aug 01, 2025 - 23:15 nvd
HIGH 8.1

DescriptionGitHub Advisory

1Panel is a web interface and MCP Server that manages websites, files, containers, databases, and LLMs on a Linux server. In versions 2.0.5 and below, the HTTPS protocol used for communication between the Core and Agent endpoints has incomplete certificate verification during certificate validation, leading to unauthorized interface access. Due to the presence of numerous command execution or high-privilege interfaces in 1Panel, this results in Remote Code Execution (RCE). This is fixed in version 2.0.6. The CVE has been translated from Simplified Chinese using GitHub Copilot.

AnalysisAI

1Panel is a web interface and MCP Server that manages websites, files, containers, databases, and LLMs on a Linux server. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Technical ContextAI

This vulnerability is classified as Command Injection (CWE-77), which allows attackers to inject arbitrary commands into system command execution. 1Panel is a web interface and MCP Server that manages websites, files, containers, databases, and LLMs on a Linux server. In versions 2.0.5 and below, the HTTPS protocol used for communication between the Core and Agent endpoints has incomplete certificate verification during certificate validation, leading to unauthorized interface access. Due to the presence of numerous command execution or high-privilege interfaces in 1Panel, this results in Remote Code Execution (RCE). This is fixed in version 2.0.6. The CVE has been translated from Simplified Chinese using GitHub Copilot. Affected products include: Fit2Cloud 1Panel. Version information: version 2.0.6..

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Use parameterized APIs, avoid shell execution, validate input with strict allowlists.

Vendor StatusVendor

SUSE

Severity: High
Product Status
Container suse/sl-micro/6.0/base-os-container:latest Image SL-Micro Image SLE-Micro Image SLE-Micro-EC2 Affected
Container suse/sl-micro/6.0/toolbox:latest Affected
SUSE Linux Enterprise Server 16.0 Fixed
openSUSE Tumbleweed Fixed
SUSE Linux Enterprise Server 16.0 Fixed

Share

CVE-2025-54424 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy