Moderate severityOSV Advisory· Published Dec 10, 2025· Updated Mar 5, 2026
1Panel CSRF Panel Name Modification
CVE-2025-34430
Description
1Panel versions 1.10.33 through 2.0.15 contain a cross-site request forgery (CSRF) vulnerability in the panel name management functionality. The affected endpoint does not implement CSRF defenses such as anti-CSRF tokens or Origin/Referer validation. An attacker can craft a malicious webpage that submits a panel-name change request; if a victim visits the page while authenticated, the browser includes valid session cookies and the request succeeds. This allows a remote attacker to change the victim’s panel name to an arbitrary value without consent.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/1Panel-dev/1PanelGo | >= 1.10.33, <= 2.0.15 | — |
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- github.com/advisories/GHSA-5xpq-2vmc-5cqpghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-34430ghsaADVISORY
- www.vulncheck.com/advisories/1panel-csrf-panel-name-modificationghsathird-party-advisoryWEB
- 1panel.proghsaWEB
- 1panel.promitreproduct
News mentions
0No linked articles in our index yet.