CVE-2025-66507
published 2025-12-09

Priority: P3 50
Severity: High, 7.5 (CVSS 3.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.39% (30.8th percentile)

1Panel is an open-source, web-based control panel for Linux server management. Versions 2.0.13 and below allow an unauthenticated attacker to disable CAPTCHA verification by abusing a client-controlled parameter. Because the server previously trusted this value without proper validation, CAPTCHA protections can be bypassed, enabling automated login attempts and significantly increasing the risk of account takeover (ATO). This issue is fixed in version 2.0.14.

Affected (5 ranges)

Vendor      | Product                | Version range                                 | Fixed in
1panel-dev  | 1panel                 | < 2.0.14                                      | 2.0.14
fit2cloud   | 1panel                 | < 2.0.14                                      | 2.0.14
github.com  | 1panel-dev_1panel      | >= 0, < 2.0.14                                | 2.0.14
github.com  | 1panel-dev_1panel      | >= 0, < 2.0.14+incompatible                   | 2.0.14+incompatible
github.com  | 1panel-dev_1panel_core | >= 0, < 0.0.0-20251128030527-ac43f00273be     | 0.0.0-20251128030527-ac43f00273be