Cross Site Request Forgery Vulnerability in OpenAdmin by Open Panel
CVE-2025-25873

5.5MEDIUM

Key Information:

Vendor: Open Panel
Status: OpenAdmin
Vendor: CVE Published:; 14 March 2025

What is CVE-2025-25873?

A Cross Site Request Forgery vulnerability in Open Panel's OpenAdmin version 0.3.4 potentially allows attackers to exploit the Change Root Password function, enabling remote privilege escalation. This flaw poses significant risks, as it could allow unauthorized users to gain elevated access rights within the application, compromising sensitive data and system integrity.

References

https://openpanel.com/docs/

https://packetstorm.news/files/id/189597

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 14, 2025
Vulnerability Reserved
Feb 7, 2025