Cross Site Request Forgery Vulnerability in OpenAdmin by Open Panel
CVE-2025-25873
5.5 MEDIUM
Key Information:
- Vendor: Open Panel
- Status
- OpenAdmin
- CVE Published: 14 March 2025
Summary
A Cross-Site Request Forgery (CSRF) vulnerability in Open Panel's OpenAdmin version 0.3.4 potentially allows attackers to exploit the Change Root Password function, enabling remote privilege escalation. The flaw could allow unauthorized users to gain elevated access rights within the application, compromising sensitive data and system integrity.
CVSS V3.1
- Score: 5.5
- Severity: MEDIUM
- Confidentiality: Low
- Integrity: Low
- Availability: Low
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: Required
- Scope: Unchanged