Description

1Panel is a web interface and MCP Server that manages websites, files, containers, databases, and LLMs on a Linux server. In versions 2.0.5 and below, the HTTPS protocol used for communication between the Core and Agent endpoints has incomplete certificate verification during certificate validation, leading to unauthorized interface access. Due to the presence of numerous command execution or high-privilege interfaces in 1Panel, this results in Remote Code Execution (RCE). This is fixed in version 2.0.6. The CVE has been translated from Simplified Chinese using GitHub Copilot.

INFO

Published Date :

2025-08-01T23:04:38.142Z

Last Modified :

2025-08-04T14:18:25.328Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-54424 vulnerability.

Vendors Products
1panel
  • 1panel
Fit2cloud
  • 1panel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-54424.

URL Resource
https://github.com/1Panel-dev/1Panel/pull/9698/commits/4003284521f8d31ddaf7215d1c30ab8b4cdb0261 cve-icon cve-icon
https://github.com/1Panel-dev/1Panel/releases/tag/v2.0.6 cve-icon cve-icon
https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-8j63-96wh-wh3j cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact