CVE-2025-25871

OpenPanel 0.3.4 Directory Traversal / Arbitrary File Read

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

An issue in Open Panel v.0.3.4 allows a remote attacker to escalate privileges via the Fix Permissions function

OpenPanel version 0.3.4 suffers from a directory traversal vulnerability in the fix permission functionality. This can be leveraged to change permissions on files unaccessible to userland and make them accessible to attackers.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2025-02-07 CVE Reserved
2025-03-07 CVE Published
2025-03-14 CVE Updated
2025-03-14 First Exploit
---------- EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CAPEC

References (2)

URL	Tag	Source
https://openpanel.com/docs/changelog/0.3.5/#%EF%B8%8F-security-fixes

URL	Date	SRC
https://packetstorm.news/files/id/189621	2025-03-14

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
-		-				-		-		-