Bypass of CAPTCHA Verification in 1Panel Control Panel for Linux Server Management
CVE-2025-66507

7.5 HIGH

Key Information:

Vendor: 1panel-dev

Status
Vendor
CVE Published: 9 December 2025

What is CVE-2025-66507?

1Panel, an open-source control panel for managing Linux servers, has a security flaw in versions 2.0.13 and earlier that allows attackers to disable CAPTCHA verification. The vulnerability results from insufficient validation of a client-controlled parameter and can be exploited by an unauthenticated attacker. With CAPTCHA protection bypassed, the risk of automated login attempts rises significantly, which can lead to account takeover. Users are advised to update to version 2.0.14, which addresses this issue.

Affected Version(s)

1Panel < 2.0.14

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
