CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 1CVE-2025-25871 – OpenPanel 0.3.4 Directory Traversal / Arbitrary File Read
https://notcve.org/view.php?id=CVE-2025-25871
07 Mar 2025 — An issue in Open Panel v.0.3.4 allows a remote attacker to escalate privileges via the Fix Permissions function OpenPanel version 0.3.4 suffers from a directory traversal vulnerability in the fix permission functionality. This can be leveraged to change permissions on files unaccessible to userland and make them accessible to attackers. • https://packetstorm.news/files/id/189621 • CWE-281: Improper Preservation of Permissions •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-25873 – OpenAdmin 0.3.4 Cross Site Request Forgery
https://notcve.org/view.php?id=CVE-2025-25873
06 Mar 2025 — Cross Site Request Forgery vulnerability in Open Panel OpenAdmin v.0.3.4 allows a remote attacker to escalate privileges via the Change Root Password function Cross site request forgery in the Users and Change Root Password functions in OpenAdmin version 0.3.4 allows remote attackers to perform attacks enabling unauthorized actions that could lead to privilege escalation. • https://packetstorm.news/files/id/189597 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-25872 – OpenPanel 0.3.4 Remote Code Execution
https://notcve.org/view.php?id=CVE-2025-25872
05 Mar 2025 — An issue in Open Panel v.0.3.4 allows a remote attacker to escalate privileges via the Fix Permissions function OpenPanel version 0.3.4 suffers from a remote code execution vulnerability via /fix-permissions. • https://packetstorm.news/files/id/189583 • CWE-269: Improper Privilege Management •