CISA Warns of CWP Vulnerability Exploited in the Wild

CISA Warns of CWP Vulnerability Exploited in the Wild

Posted on By CWS

The cybersecurity company CISA on Tuesday warned {that a} important vulnerability affecting the Management Internet Panel (CWP) server administration software program has been exploited within the wild.

CWP, beforehand named CentOS Internet Panel, is a free and extensively used Linux webhosting management panel that’s designed to simplify server administration.

A vulnerability in CWP, tracked as CVE-2025-48703, permits distant, unauthenticated attackers to execute arbitrary instructions on weak techniques. An attacker in possession of a sound non-root username can bypass authentication and execute instructions utilizing specifically crafted requests. 

The vulnerability was reported to CWP builders in mid-Might and patched roughly one month later with the discharge of model 0.9.8.1205.

There don’t look like any public experiences describing assaults by which CVE-2025-48703 has been exploited. 

Findsec warned just a few months in the past that exploitation of the vulnerability had been imminent. The corporate famous that exploitation could possibly be automated and that risk actors had already began growing and sharing exploits on cybercrime boards.

In response to Netlas.io, there are roughly 150,000 internet-exposed CWP situations which can be probably affected by CVE-2025-48703, a majority in the US (37,510), adopted by Germany, Japan, India, France, and Canada. Shodan exhibits greater than 220,000 internet-exposed situations. 

Given this widespread publicity, it’s extremely doubtless that the vulnerability has been exploited in opportunistic assaults. Commercial. Scroll to proceed studying.

CISA added CVE-2025-48703 to its Recognized Exploited Vulnerabilities (KEV) catalog and instructed federal companies to handle it by November 25. 

In-the-wild exploitation of a CWP vulnerability was beforehand reported in early 2023. 

Associated: Essential Flaw in Standard React Native NPM Bundle Exposes Builders to Assaults

Associated: CISA Warns of Exploited DELMIA Manufacturing facility Software program Vulnerabilities

Associated: CISA Provides Exploited XWiki, VMware Flaws to KEV Catalog

Security Week News Tags:, , , , ,

Related Posts

SentinelOne to Acquire Observo AI in 5 Million Deal SentinelOne to Acquire Observo AI in $225 Million Deal Security Week News
North Korean Hackers Take Over Victims’ Systems Using Zoom Meeting North Korean Hackers Take Over Victims’ Systems Using Zoom Meeting Security Week News
Malicious Chrome Extension Crashes Browser in ClickFix Variant ‘CrashFix’ Malicious Chrome Extension Crashes Browser in ClickFix Variant ‘CrashFix’ Security Week News
US Seeks Forfeiture of .74M in Cryptocurrency Tied to North Korean IT Workers US Seeks Forfeiture of $7.74M in Cryptocurrency Tied to North Korean IT Workers Security Week News
Shai-Hulud Supply Chain Attack: Worm Used to Steal Secrets, 180+ NPM Packages Hit Shai-Hulud Supply Chain Attack: Worm Used to Steal Secrets, 180+ NPM Packages Hit Security Week News
Oracle’s First 2026 CPU Delivers 337 New Security Patches Oracle’s First 2026 CPU Delivers 337 New Security Patches Security Week News