CVE-2025-48703 Scanner
CVE-2025-48703 Scanner - Remote Code Execution vulnerability in CWP (Control Web Panel)
Short Info
Level
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 seconds
Time Interval
11 days 9 hours
Scan only one
Domain, Subdomain, IPv4
Toolbox
The CWP (Control Web Panel) is widely used for server management and web hosting management purposes. It is favored by administrators for its user-friendly interface and comprehensive management tools. This software application is utilized by both small scale and large scale enterprises intending to streamline server configurations. The purpose is to efficiently manage web server environments by overseeing user accounts, domain management, file security, and more. It provides a centralized platform for managing various server and web-hosting tasks, reducing manual efforts and potential errors.
The vulnerability present in CWP allows unauthenticated attackers to execute arbitrary code remotely. This is facilitated by the presence of shell metacharacters in the t_total parameter within the filemanager's changePerm request. Such a vulnerability contributes significantly to the risk of unauthorized system access. The exploitation does not demand a high degree of skill, making it achievable with knowledge of a valid non-root username. As it is associated with potentially compromising the entire server, swift mitigation is critical. Being a remote code execution vulnerability, it poses a high threat level and requires immediate remediation.
This specific vulnerability affects the endpoint involved in file permission changes within the control panel. The exploitation arises from sending a POST request to /{{username}}/index.php?module=filemanager&acc=changePerm. During this action, the t_total parameter can be manipulated to execute commands remotely. Attackers can abuse this susceptibility by crafting a request initiating unwanted code execution. This vulnerability emerges particularly in versions of CWP below 0.9.8.1205, underscoring its criticality.
Exploitation of this flaw can lead to severe consequences, including full system compromise. Attackers gaining access could manipulate, extract, or delete sensitive data, thereby disrupting operations. It could provide a foothold for deploying further exploits across interconnected systems. Furthermore, it raises the potential for deploying malicious scripts that hijack system resources for nefarious activities. Organizations might also experience reputational and financial damages from exploited attacks if unmitigated.
REFERENCES
- https://fenrisk.com/rce-centos-webpanel
- https://nvd.nist.gov/vuln/detail/CVE-2025-48703
