cvebase

Lxware 1Panel vulnerabilities

3 known vulnerabilities affecting lxware/1panel.

Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 1

Vulnerabilities

CVE-2025-34429 | P4 | HIGH | CVSS 7.1 | ≥ 1.10.33, ≤ 2.0.15 | 2025-12-10
CVE-2025-34429 [HIGH] CWE-352: 1Panel versions 1.10.33 - 2.0.15 contain a cross-site request forgery (CSRF) vulnerability in the web port configuration functionality. The port-change endpoint lacks CSRF defenses such as anti-CSRF tokens or Origin/Referer validation. An attacker can craft a malicious webpage that submits a port-change request; when a victim visits it while authentic
Source: nvd
CVE-2025-34410 | P4 | HIGH | CVSS 7.1 | ≥ 1.10.33, ≤ 2.0.15 | 2025-12-10
CVE-2025-34410 [HIGH] CWE-352: 1Panel versions 1.10.33 - 2.0.15 contain a cross-site request forgery (CSRF) vulnerability in the Change Username functionality available from the settings panel (/settings/panel). The endpoint does not implement CSRF protections such as anti-CSRF tokens or Origin/Referer validation. An attacker can craft a malicious webpage that submits a username-ch
Source: nvd
CVE-2025-34430 | P4 | MEDIUM | CVSS 4.3 | ≥ 1.10.33, ≤ 2.0.15 | 2025-12-10
CVE-2025-34430 [MEDIUM] CWE-352: 1Panel versions 1.10.33 through 2.0.15 contain a cross-site request forgery (CSRF) vulnerability in the panel name management functionality. The affected endpoint does not implement CSRF defenses such as anti-CSRF tokens or Origin/Referer validation. An attacker can craft a malicious webpage that submits a panel-name change request; if a victim visit
Source: nvd