CISA Alerts of Control Web Panel Command Injection Flaw Actively Exploited
gbhackers
The Cybersecurity and Infrastructure Security Agency has issued an urgent alert about a critical command-injection vulnerability in Control Web Panel that is being actively exploited in the wild.
Tracked as CVE-2025-48703, this flaw poses a significant threat to organizations running the popular server management platform and demands immediate attention from system administrators worldwide.
Control Web Panel, formerly known as CentOS Web Panel, is a widely deployed open-source server management solution used by thousands of organizations to administer Linux-based web servers and hosting environments.
The vulnerability discovered in this platform allows unauthenticated attackers to execute arbitrary operating system commands remotely, potentially leading to complete server compromise and unauthorized access to sensitive data.
Vulnerability Details and Technical Impact
The vulnerability exists in the file manager module of Control Web Panel and specifically affects how the application handles the t_total parameter in changePerm requests.
Attackers can inject shell metacharacters into this parameter ...
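A defensive check for the parameter described above, added here as an example that is not from the original article or from Control Web Panel's own code: it flags changePerm requests whose t_total value is anything other than a plain octal mode. The parameter names other than t_total, the assumption that a legitimate value is a 3 or 4 digit octal mode, and the sample records are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Assumption: a legitimate t_total is a chmod-style octal mode (3 or 4 digits).
OCTAL_MODE = re.compile(r"[0-7]{3,4}")


def classify(raw_params: str) -> str:
    """Classify one URL-encoded parameter string (query string or form body).

    Returns "ignore" (no changePerm/t_total pair), "ok" or "suspicious".
    """
    # parse_qsl percent-decodes, so encoded metacharacters are seen in clear.
    pairs = parse_qsl(raw_params, keep_blank_values=True, separator="&")
    modes = [v for k, v in pairs if k == "t_total"]
    if "changePerm" not in (v for _, v in pairs) or not modes:
        return "ignore"
    # Allowlist, not blocklist: every t_total value must be purely octal.
    if all(OCTAL_MODE.fullmatch(m) for m in modes):
        return "ok"
    return "suspicious"


# Constructed sample records; parameter names other than t_total are hypothetical.
SAMPLES = [
    "module=filemanager&action=changePerm&t_total=644",
    "action=changePerm&t_total=644%3Becho+constructed",
    "action=changePerm&t_total=%24%28echo+constructed%29",
    "action=changePerm&t_total=644&t_total=755%7Cx",  # repeated parameter
    "action=changePerm&t_total=",                     # empty value
    "action=listDir&t_total=644",                     # not a changePerm request
]


def scan(records):
    """Return (record, verdict) pairs for a batch of parameter strings."""
    return [(r, classify(r)) for r in records]


if __name__ == "__main__":
    for record, verdict in scan(SAMPLES):
        print(f"{verdict:10} {record}")
```

The same allowlist applies server-side: reject any value that is not purely octal before it reaches code that changes file permissions.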
Copyright of this story solely belongs to gbhackers.

