CVE-2025-66507
Published: 2025-12-09
Priority: P3 (50), severity high, CVSS 3.1 base score 7.5
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.39% (30.8th percentile)
1Panel is an open-source, web-based control panel for Linux server management. Versions 2.0.13 and below allow an unauthenticated attacker to disable CAPTCHA verification by abusing a client-controlled parameter. Because the server previously trusted this value without proper validation, CAPTCHA protections can be bypassed, enabling automated login attempts and significantly increasing the risk of account takeover (ATO). This issue is fixed in version 2.0.14.
Affected (5 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| 1panel-dev | 1panel | < 2.0.14 | 2.0.14 |
| fit2cloud | 1panel | < 2.0.14 | 2.0.14 |
| github.com | 1panel-dev_1panel | >= 0 < 2.0.14 | 2.0.14 |
| github.com | 1panel-dev_1panel | >= 0 < 2.0.14+incompatible | 2.0.14+incompatible |
| github.com | 1panel-dev_1panel_core | >= 0 < 0.0.0-20251128030527-ac43f00273be | 0.0.0-20251128030527-ac43f00273be |
OSV (2025-12-15): CVE-2025-66507 1Panel – CAPTCHA Bypass via Client-Controlled Flag in github.com/1Panel-dev/1Panel
GHSA (2025-12-08): CVE-2025-66507 [HIGH] CWE-290 1Panel – CAPTCHA Bypass via Client-Controlled Flag
### Summary
A CAPTCHA bypass vulnerability in the 1Panel authentication API allows an unauthenticated attacker to disable CAPTCHA verification by abusing a client-controlled parameter. Because the server previously trusted this value without proper validation, CAPTCHA protections could be bypassed, enabling automated login attempts and significantly increasing the risk of account takeover (ATO).
### Details
The /api/login endpoint accepts a boolean field named ignoreCaptcha directly from the client request body:
`"ignoreCaptcha": true`
The backend implementation uses this value to determine whether CAPTCHA validation should be performed:
```go
if !req.IgnoreCaptcha {
    if errMsg := captcha.VerifyCode(req.CaptchaID, req.Captcha); errMsg
    // (the remainder of the snippet is truncated in the advisory excerpt)
```
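As an added illustration (this is not 1Panel's code and not the project's actual fix), the Go program below contrasts the flawed pattern quoted above with a handler whose CAPTCHA requirement is decided only by server-side policy. The hardened request type has no bypass flag at all, unknown JSON fields are rejected so a tampered body fails loudly, and each challenge is consumed on first use. The in-memory captcha store, the JSON key names other than `ignoreCaptcha`, the `requireCaptcha` policy flag and the sample bodies are constructed assumptions.

```go
package main

import (
	"bytes"
	"encoding/json"
	"errors"
	"fmt"
)

var (
	ErrCaptcha    = errors.New("captcha verification failed")
	ErrBadRequest = errors.New("malformed login request")
)

// captchaVerifier is a constructed stand-in for the real captcha service:
// it maps a challenge ID to the expected answer.
type captchaVerifier struct{ answers map[string]string }

// newVerifier seeds one outstanding challenge (constructed sample data).
func newVerifier() *captchaVerifier {
	return &captchaVerifier{answers: map[string]string{"chal-1": "7x9q"}}
}

// VerifyCode returns "" when the code matches, otherwise a message. The
// challenge is consumed either way, so a captured answer cannot be replayed.
func (v *captchaVerifier) VerifyCode(id, code string) string {
	want, ok := v.answers[id]
	delete(v.answers, id)
	if !ok {
		return "captcha expired or unknown"
	}
	if code != want {
		return "captcha code mismatch"
	}
	return ""
}

// vulnerableRequest mirrors the body shape described in the advisory,
// including the client-controlled ignoreCaptcha flag.
type vulnerableRequest struct {
	Name          string `json:"name"`
	Password      string `json:"password"`
	CaptchaID     string `json:"captchaID"`
	Captcha       string `json:"captcha"`
	IgnoreCaptcha bool   `json:"ignoreCaptcha"`
}

// vulnerableLogin reproduces the flawed pattern: verification is skipped
// whenever the caller sets ignoreCaptcha. (Credential checking is omitted.)
func vulnerableLogin(v *captchaVerifier, body []byte) error {
	var req vulnerableRequest
	if err := json.Unmarshal(body, &req); err != nil {
		return fmt.Errorf("%w: %v", ErrBadRequest, err)
	}
	if !req.IgnoreCaptcha {
		if msg := v.VerifyCode(req.CaptchaID, req.Captcha); msg != "" {
			return fmt.Errorf("%w: %s", ErrCaptcha, msg)
		}
	}
	return nil
}

// hardenedRequest has no bypass flag: the wire format cannot express one.
type hardenedRequest struct {
	Name      string `json:"name"`
	Password  string `json:"password"`
	CaptchaID string `json:"captchaID"`
	Captcha   string `json:"captcha"`
}

// hardenedLogin takes the captcha requirement from server-side policy only
// (requireCaptcha, an assumed configuration value) and rejects bodies that
// carry fields it does not know, so a tampered request is refused outright.
func hardenedLogin(v *captchaVerifier, requireCaptcha bool, body []byte) error {
	dec := json.NewDecoder(bytes.NewReader(body))
	dec.DisallowUnknownFields()
	var req hardenedRequest
	if err := dec.Decode(&req); err != nil {
		return fmt.Errorf("%w: %v", ErrBadRequest, err)
	}
	if requireCaptcha {
		if msg := v.VerifyCode(req.CaptchaID, req.Captcha); msg != "" {
			return fmt.Errorf("%w: %s", ErrCaptcha, msg)
		}
	}
	return nil
}

// Constructed sample bodies (not captured traffic).
var (
	bypassBody = []byte(`{"name":"admin","password":"pw","ignoreCaptcha":true}`)
	validBody  = []byte(`{"name":"admin","password":"pw","captchaID":"chal-1","captcha":"7x9q"}`)
	wrongBody  = []byte(`{"name":"admin","password":"pw","captchaID":"chal-1","captcha":"0000"}`)
)

func main() {
	fmt.Println("vulnerable handler, bypass body:", vulnerableLogin(newVerifier(), bypassBody))
	fmt.Println("hardened handler, bypass body:  ", hardenedLogin(newVerifier(), true, bypassBody))
	fmt.Println("hardened handler, valid body:   ", hardenedLogin(newVerifier(), true, validBody))
	fmt.Println("hardened handler, wrong code:   ", hardenedLogin(newVerifier(), true, wrongBody))
}
```

The design point is that the CAPTCHA decision never depends on anything the client can set: the hardened struct has no field to honour, and `DisallowUnknownFields` turns an unexpected `ignoreCaptcha` key into a logged bad-request error, which is also a useful detection signal for login attempts that probe for the bypass.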
OSV (2025-12-08): CVE-2025-66507 [HIGH] 1Panel – CAPTCHA Bypass via Client-Controlled Flag
No detection rules found.
No public exploits indexed.