
CISA Warns of CWP Vulnerability Exploited in the Wild


A critical vulnerability in Control Web Panel (CWP), tracked as CVE-2025-48703, allows remote, unauthenticated command execution.

The cybersecurity agency CISA on Tuesday warned that a critical vulnerability affecting the Control Web Panel (CWP) server administration software has been exploited in the wild.

CWP, previously named CentOS Web Panel, is a free and widely used Linux web hosting control panel that is designed to simplify server management.

A vulnerability in CWP, tracked as CVE-2025-48703, allows remote, unauthenticated attackers to execute arbitrary commands on vulnerable systems. An attacker in possession of a valid non-root username can bypass authentication and execute commands using specially crafted requests.

The vulnerability was reported to CWP developers in mid-May and patched roughly one month later with the release of version 0.9.8.1205.

There do not appear to be any public reports describing attacks in which CVE-2025-48703 has been exploited.

Findsec warned a few months ago ...


Copyright of this story solely belongs to securityweek.