<ciso brief/>
Tag Banner

All news with #centos tag

all tags →

Wed, November 5, 2025

CISA Warns of Critical CentOS Web Panel RCE Exploit

#CISA #KEV Added #Actively Exploited #CentOS #Remote Code Execution

⚠️ CISA warns that a critical remote command execution vulnerability, tracked as CVE-2025-48703, is being exploited in the wild against CentOS Web Panel (CWP). The flaw impacts all CWP versions before 0.9.8.1204 and allows unauthenticated attackers who know a valid username to inject shell commands via the file-manager changePerm t_total parameter. The vendor fixed the issue in 0.9.8.1205, and federal agencies have until Nov 25 under BOD 22-01 to remediate or stop using the product.

read more →