Unrated severityCISA KEVNVD Advisory· Published Sep 19, 2025· Updated Feb 26, 2026
CVE-2025-48703
CVE-2025-48703
Description
CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1205 allows unauthenticated remote code execution via shell metacharacters in the t_total parameter in a filemanager changePerm request. A valid non-root username must be known.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <0.9.8.1205
- Range: 0
Patches
Vulnerability mechanics
References
1News mentions
3- ‘PCPJack’ Worm Removes TeamPCP Infections, Steals CredentialsSecurityWeek · May 8, 2026
- New PCPJack worm steals credentials, cleans TeamPCP infectionsBleepingComputer · May 7, 2026
- PCPJack Credential Stealer Exploits 5 CVEs to Spread Worm-Like Across Cloud SystemsThe Hacker News · May 7, 2026