VYPR
Unrated severityCISA KEVNVD Advisory· Published Sep 19, 2025· Updated Feb 26, 2026

CVE-2025-48703

CVE-2025-48703

Description

CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1205 allows unauthenticated remote code execution via shell metacharacters in the t_total parameter in a filemanager changePerm request. A valid non-root username must be known.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

3