Insecure Certificate Validation in 1Panel Web Interface by 1Panel Dev
CVE-2025-54424

8.1HIGH

Key Information:

Vendor: 1panel-dev
Status: 1panel
Vendor: CVE Published:; 1 August 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-54424?

1Panel, a web management interface for Linux servers, suffers from a vulnerability that arises from inadequate certificate validation between its Core and Agent endpoints. This flaw allows unauthorized access to sensitive interfaces, potentially enabling remote code execution due to several high-privilege functions within the application. Users are strongly advised to upgrade to version 2.0.6 or higher to mitigate this risk and enhance overall security.

Affected Version(s)

1Panel < 2.0.6

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-54424
Created by Mr-xn

References

https://github.com/1Panel-dev/1Panel/security/advisories/...

x_refsource_CONFIRM

https://github.com/1Panel-dev/1Panel/pull/9698/commits/40...

x_refsource_MISC

https://github.com/1Panel-dev/1Panel/releases/tag/v2.0.6

x_refsource_MISC

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Aug 4, 2025
👾
Exploit known to exist
Aug 4, 2025
Vulnerability published
Aug 1, 2025

1panel-dev

Badges

What is CVE-2025-54424?

Affected Version(s)

Exploit Proof of Concept (PoC)

References

CVSS V3.1

Timeline