Control-Webpanel: >> Webpanel >> 0.9.8.1168 Security Vulnerabilities
CVE-2025-48703
CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1205 allows unauthenticated remote code execution via shell metacharacters in the t_total parameter in a filemanager changePerm request. A valid non-root username must be known.
Known exploited
CVSS Score
9.0
EPSS Score
0.694
Published
2025-09-19