AI description
CVE-2025-48703 is a Remote Code Execution (RCE) vulnerability found in the `filemanager` module of a web hosting control panel, such as cPanel. The vulnerability stems from improper input sanitization in the `acc=changePerm` function, which allows attackers to inject and execute arbitrary system commands using the `t_total` parameter. This vulnerability allows attackers to execute arbitrary commands on the target server. Successful exploitation could lead to establishing a reverse shell for persistent access and potentially escalating privileges or moving laterally within the system. It was reported to affect CentOS Web Panel (CWP) versions 0.9.8.1204 and 0.9.8.1188.
- Description
- CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1205 allows unauthenticated remote code execution via shell metacharacters in the t_total parameter in a filemanager changePerm request. A valid non-root username must be known.
- Source
- cve@mitre.org
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 9
- Impact score
- 6
- Exploitability score
- 2.2
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
- cve@mitre.org
- CWE-78
- Hype score
- Not currently trending
🚨 CVE-2025-48703 - critical 🚨 CWP (Control Web Panel) < 0.9.8.1205 - Remote Code Execution > CWP (Control Web Panel) < 0.9.8.1205 contains a remote code execution caused by shell... 👾 https://t.co/4Ntj4TTfHu @pdnuclei #NucleiTemplates #cve
@pdnuclei_bot
24 Oct 2025
147 Impressions
1 Retweet
2 Likes
1 Bookmark
0 Replies
0 Quotes
[CVE-2025-48703: CRITICAL] Critical security flaw in CWP (Control Web Panel) before 0.9.8.1205 allows remote code execution via shell metacharacters. Attackers need knowledge of a valid non-root username.#cve,CVE-2025-48703,#cybersecurity https://t.co/goNaPC3jYb https://t.co/4wLD
@CveFindCom
19 Sept 2025
49 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
🚀 New PoC released for CVE-2025-48703 (CWP RCE)! Auto-generates high-hit user dictionaries based on domain traits for better exploitation success. 👉 https://t.co/vtLZIdLGnp #RCE #cybersecurity #CVE
@Oldman_19
7 Jul 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚡️The vulnerability details are now available: https://t.co/uC4D4KoLOz 🚨🚨CVE-2025-48703: Unauthenticated RCE in CentOS Web Panel! Attackers can run arbitrary commands with just a valid username. 🔥EXP: https://t.co/crBc0zZg3r ZoomEye Dork👉app="CentOS WebPanel"
@zoomeye_team
7 Jul 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚡️The vulnerability details are now available: https://t.co/uC4D4KoLOz 🚨🚨CVE-2025-48703: Unauthenticated RCE in CentOS Web Panel! Attackers can run arbitrary commands with just a valid username. ZoomEye Dork👉app="CentOS WebPanel" Over 1.8M vulnerable instances ex
@zoomeye_team
7 Jul 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-48703: RCE in Centos7 Web Panel (https://t.co/vMR5YChgWv) The vulnerability allows an attacker to bypass the authentication process and perform code injection.
@saremi_hos16480
6 Jul 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Remote code execution in CentOS Web Panel - CVE-2025-48703 https://t.co/dhDFT0pzaf
@akaclandestine
6 Jul 2025
1601 Impressions
4 Retweets
22 Likes
9 Bookmarks
0 Replies
0 Quotes
#exploit 1⃣ CVE-2025-48703: RCE in CentOS Web Panel - https://t.co/nugC3SZEEk 2⃣ CVE-2025-31200: Zero-click RCE vulnerability in Apple's iOS 18.x - https://t.co/og6oEa6nmj 3⃣ CVE-2025-32463: Escalation of Privilege to the root through sudo binary with chroot option -
@ksg93rd
6 Jul 2025
1193 Impressions
3 Retweets
29 Likes
9 Bookmarks
0 Replies
0 Quotes
Warning: New vulnerability in @CentOS Web Panel #CVE-2025-48703 allows authentication bypass and remote code execution by anyone with a valid username. Immediate action is required to secure your systems. Don’t wait—update now! https://t.co/Jf50ZtCu8H #Cybersecurity #Patch
@CCBalert
27 Jun 2025
216 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CentOS Web Panel(CWP)に未認証リモートコード実行の脆弱性(CVE-2025-48703)、20万以上のサーバーが対象 #セキュリティ対策Lab #セキュリティ #Security https://t.co/GlR0BIP9jU
@securityLab_jp
26 Jun 2025
108 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
GitHub - trh4ckn0n/CVE-2025-48703: Remote code exec cent os web panel by trhacknon - https://t.co/26ldvGJVWo
@piedpiper1616
26 Jun 2025
1391 Impressions
6 Retweets
13 Likes
5 Bookmarks
1 Reply
0 Quotes
CVE-2025-48703: Remote Code Execution in CentOS Web Panel A critical flaw in CentOS Web Panel allows unauthenticated RCE bypass and command injection, compromising over 200,000 servers. Update to v0.9.8.1205 now https://t.co/ExPN6u0cuh https://t.co/tBoECdwPsG
@freedomhack101
25 Jun 2025
104 Impressions
0 Retweets
2 Likes
1 Bookmark
0 Replies
0 Quotes
🚨 Critical #CentOS Web Panel Vulnerability (#CVE-2025-48703) Exposes Thousands of Servers to Remote Command Execution https://t.co/P1DGXVxBcT
@UndercodeNews
25 Jun 2025
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-48703: RCE in Centos7 Web Panel, high rating❗️ The vulnerability allows an attacker to bypass the authentication process and perform code injection. Search at https://t.co/hv7QKSqxTR: 👉 Link: https://t.co/z9wNQtchyd #cybersecurity #vulnerability_map https://t.c
@Netlas_io
25 Jun 2025
1064 Impressions
6 Retweets
19 Likes
5 Bookmarks
0 Replies
0 Quotes
🚨 Critical RCE vulnerability (CVE-2025-48703) found in CentOS Web Panel! Unauthenticated attackers can execute arbitrary commands. Update CWP ASAP & tighten security! 🔥 #Cybersecurity #RCE #CentOS https://t.co/Pnf7IsmcI3
@fernandokarl
25 Jun 2025
66 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-48703 : Remote code execution in CentOS Web Panel https://t.co/Idzubb1Pvl https://t.co/GrnwKRAfZB
@antonio_taboada
25 Jun 2025
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Remote code execution in CentOS Web Panel - CVE-2025-48703 https://t.co/O29ZYQHQjq
@lviru5
25 Jun 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes