CVE-2025-48703: CWP Control Web Panel OS Command Injection Vulnerability.
CWP Control Web Panel OS Command Injection Vulnerability. CWP Control Web Panel (formerly CentOS Web Panel) contains an OS command Injection vulnerability that allows unauthenticated remote code execution via shell metacharacters in the t_total parameter in a filemanager changePerm request. A valid non-root username must be known.
- CISA KEV-listed (remediation due 2025-11-25)
- EPSS 69.8% (98.7% percentile)