Cyber Posture

CVE-2025-66429

High

Published: 11 December 2025
Modified: 15 December 2025
CVSS Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0019 (39.8th percentile)
Risk Priority: 18 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Description

An issue was discovered in cPanel 110 through 132. A directory traversal vulnerability within the Team Manager API allows for overwrite of an arbitrary file. This can allow for privilege escalation to the root user.

Mitigating Controls (NIST 800-53 r5)

Prevent: Validate Team Manager API inputs such as file paths and reject traversal sequences, directly blocking the arbitrary file overwrite.

Prevent: Remediate the directory traversal flaw in cPanel versions 110 through 132 promptly by patching or upgrading to a fixed version.

Prevent: Enforce least privilege so that low-privilege (PR:L) accounts on cPanel servers cannot turn a file overwrite into root escalation.

Security Summary

CVE-2025-66429 is a directory traversal vulnerability (CWE-22) affecting cPanel versions 110 through 132, specifically within the Team Manager API. This flaw enables attackers to overwrite arbitrary files on the system, potentially leading to privilege escalation to the root user. The vulnerability has a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its network accessibility, low attack complexity, and significant impacts on confidentiality, integrity, and availability.

An authenticated attacker with low privileges (PR:L) can exploit this vulnerability remotely over the network without user interaction. By leveraging the directory traversal in the Team Manager API, they can overwrite critical files, achieving full root-level privilege escalation on the affected cPanel server.

Mitigation details are provided in cPanel's official advisories, including the changelog for version 126 at https://docs.cpanel.net/changelogs/126-change-log/ and general release notes at https://docs.cpanel.net/release-notes/release-notes/. Security practitioners should consult these resources for patching instructions and upgrade paths beyond version 132.

Details

CWE(s): CWE-22 (Improper Limitation of a Pathname to a Restricted Directory, as stated in the Security Summary)

Affected Products

cPanel (vendor: cpanel, product: cpanel)
Affected versions: 110.0.0 — 126.0.37 · 128.0.1 — 130.0.16 · 132.0.0 — 132.0.4

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Directory traversal enables arbitrary file overwrite for root privilege escalation, directly mapping to T1068: Exploitation for Privilege Escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0
