Moderate severityOSV Advisory· Published Dec 10, 2025· Updated Mar 5, 2026
1Panel CSRF Panel Name Modification
CVE-2025-34430
Description
1Panel versions 1.10.33 through 2.0.15 contain a cross-site request forgery (CSRF) vulnerability in the panel name management functionality. The affected endpoint does not implement CSRF defenses such as anti-CSRF tokens or Origin/Referer validation. An attacker can craft a malicious webpage that submits a panel-name change request; if a victim visits the page while authenticated, the browser includes valid session cookies and the request succeeds. This allows a remote attacker to change the victim’s panel name to an arbitrary value without consent.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/1Panel-dev/1PanelGo | >= 1.10.33, <= 2.0.15 | — |
Affected products
3- ghsa-coords2 versionspkg:golang/github.com/1panel-dev/1panelpkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Leap%2015.6
>= 1.10.33, <= 2.0.15+ 1 more
- (no CPE)range: >= 1.10.33, <= 2.0.15
- (no CPE)range: < 0.0.20251230T014957-150000.1.134.1
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-5xpq-2vmc-5cqpghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-34430ghsaADVISORY
- www.vulncheck.com/advisories/1panel-csrf-panel-name-modificationghsathird-party-advisoryWEB
- 1panel.proghsaWEB
- 1panel.promitreproduct
- github.com/1Panel-dev/1Panel/releasesghsaproductWEB
News mentions
0No linked articles in our index yet.