CVE-2025-25871
Published: 14 March 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-25871 is a privilege escalation vulnerability in OpenPanel version 0.3.4. The flaw lies in the Fix Permissions function, which an authenticated remote attacker can abuse to elevate privileges. Published on 2025-03-14, it carries a CVSS v3.1 base score of 8.0 (High) with vector CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H and maps to CWE-281 (Improper Preservation of Permissions).
Reading the vector: the attacker needs only a low-privileged account on the panel (PR:L), reaches the flaw over the network (AV:N) with low attack complexity (AC:L), but depends on a user interaction (UI:R); scope is unchanged (S:U). Successful exploitation has high impact on confidentiality, integrity, and availability, the concrete outcome being elevated privileges.
The OpenPanel changelog for version 0.3.5 references security fixes addressing this issue, so upgrading to 0.3.5 or later is the mitigation. Further details are provided in the advisories hosted on PacketStorm.
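The advisory text does not say how the Fix Permissions function fails, so the following is an added, generic illustration of the CWE-281 pattern in a hosting panel's fix-permissions routine. It is written for this page, is not OpenPanel's code and does not describe the actual 0.3.4 flaw. It shows a naive routine that blanket-resets modes and follows symlinks next to a hardened one that preserves existing restrictions; the directory layout, file names and modes are constructed for the demonstration.

```python
import os
import stat
import tempfile

# Constructed illustration of CWE-281 (Improper Preservation of Permissions)
# in a "fix permissions" routine.  Not OpenPanel's code; the tree, names and
# modes below are assumptions made for this demo.


def naive_fix_permissions(home):
    """The pattern to avoid: blanket 0755/0644 on everything, following
    symlinks.  It widens owner-only files (a private key becomes world
    readable) and, because os.chmod follows links, a user-planted symlink
    lets the privileged routine change modes on files outside `home`."""
    for root, _dirs, files in os.walk(home, followlinks=True):
        os.chmod(root, 0o755)
        for name in files:
            os.chmod(os.path.join(root, name), 0o644)


def safe_fix_permissions(home, base):
    """Repair that preserves existing restrictions: refuses a home that does
    not resolve under `base`, never touches symlinks, and only removes
    group/other write bits (it never grants read/exec that was absent).
    Returns [(path, old_mode, new_mode)] for entries actually changed."""
    base_real = os.path.realpath(base)
    home_real = os.path.realpath(home)
    if home_real == base_real or os.path.commonpath([base_real, home_real]) != base_real:
        raise ValueError(f"{home!r} does not resolve under {base!r}")
    changed = []
    for root, dirs, files in os.walk(home_real, followlinks=False):
        # prune symlinked directories so they are neither walked nor chmod'ed
        dirs[:] = [d for d in dirs if not os.path.islink(os.path.join(root, d))]
        for path in [root] + [os.path.join(root, f) for f in files]:
            if os.path.islink(path):
                continue  # chmod would follow the link; leave links alone
            st = os.lstat(path)
            old = stat.S_IMODE(st.st_mode)
            new = old & ~(stat.S_IWGRP | stat.S_IWOTH)  # strip group/other write
            if stat.S_ISDIR(st.st_mode):
                new |= stat.S_IRWXU  # owner keeps rwx on directories
            if new != old:
                os.chmod(path, new)
                changed.append((path, old, new))
    return changed


def mode(path):
    return stat.S_IMODE(os.lstat(path).st_mode)


def build_tree(tmp):
    """Constructed sample: base/alice holding a world-writable web file, an
    owner-only key, and a symlink planted by the user that points outside home."""
    base = os.path.join(tmp, "home")
    home = os.path.join(base, "alice")
    os.makedirs(os.path.join(home, "public_html"))
    os.makedirs(os.path.join(home, ".ssh"))
    os.chmod(os.path.join(home, ".ssh"), 0o700)
    index = os.path.join(home, "public_html", "index.html")
    key = os.path.join(home, ".ssh", "id_ed25519")
    outside = os.path.join(tmp, "root_owned_secret")  # lives outside base/
    for path, bits in ((index, 0o666), (key, 0o600), (outside, 0o600)):
        with open(path, "w") as fh:
            fh.write("sample\n")
        os.chmod(path, bits)
    os.symlink(outside, os.path.join(home, "escape"))
    return {"base": base, "home": home, "index": index, "key": key, "outside": outside}


def demo():
    """Run both routines on fresh copies of the tree; report resulting modes."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        p = build_tree(tmp)
        naive_fix_permissions(p["home"])
        results["naive"] = {k: mode(p[k]) for k in ("index", "key", "outside")}
    with tempfile.TemporaryDirectory() as tmp:
        p = build_tree(tmp)
        safe_fix_permissions(p["home"], p["base"])
        results["safe"] = {k: mode(p[k]) for k in ("index", "key", "outside")}
        # a "home" that is itself a symlink out of base must be refused
        os.symlink(tmp, os.path.join(p["base"], "mallory"))
        try:
            safe_fix_permissions(os.path.join(p["base"], "mallory"), p["base"])
            results["rejects_escaped_home"] = False
        except ValueError:
            results["rejects_escaped_home"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

The naive routine leaves the private key at 0644 and rewrites the mode of the file behind the planted symlink, i.e. a low-privileged user steers a privileged permission reset at data they do not own; the hardened routine only tightens the world-writable web file and refuses a home that resolves outside the base directory. A production version would additionally operate on directory file descriptors (os.open with O_NOFOLLOW plus dir_fd arguments) to close the race between the lstat check and the chmod.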
Details
- CWE(s): CWE-281 (Improper Preservation of Permissions)
Affected Products
- OpenPanel 0.3.4 (fixed in 0.3.5)
MITRE ATT&CK Enterprise Techniques
- T1190 (Exploit Public-Facing Application)
- T1068 (Exploitation for Privilege Escalation)
Why these techniques?
The CVE describes a remote privilege escalation in the Fix Permissions function of OpenPanel, a public-facing web hosting control panel: reaching the flaw over the network from a low-privileged account is exploitation of a public-facing application (T1190), and the resulting elevation is exploitation for privilege escalation (T1068).