CISA Warns of Control Web Panel OS Command Injection Vulnerability...
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical warning regarding a dangerous OS command injection vulnerability affecting Control Web Panel (CWP), formerly known as CentOS Web Panel.
The vulnerability, tracked as CVE-2025-48703, enables unauthenticated remote attackers to execute arbitrary commands on vulnerable systems with minimal prerequisites.
CVE-2025-48703 represents a significant security risk because it allows attackers to bypass authentication requirements entirely.
The flaw resides in the file manager's changePerm request handling: shell metacharacters injected into the t_total parameter trigger remote code execution.
What makes this vulnerability particularly concerning is that attackers need only knowledge of a valid non-root username to exploit it successfully.
This relatively low barrier to entry means threat actors can systematically target exposed CWP installations without specialized access or credentials.
The vulnerability is classified under CWE-78, which covers improper neutralization of special elements used in an OS command.
This categorization reflects the fundamental input validation failure that allows attackers to break out of intended command contexts and execute arbitrary system commands with the privileges of the web application process.
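For defenders reviewing request logs, the check below flags changePerm requests whose t_total value is anything other than a plain octal mode. It is an added example, not code from CISA or from CWP. It assumes that t_total normally carries a 3- or 4-digit octal file mode, and that request bodies are available as records with hypothetical `src`, `query` and `body` fields (for instance from a WAF audit log).

```python
import re
from urllib.parse import parse_qs

# Assumption: a legitimate t_total value is a 3- or 4-digit octal file mode.
OCTAL_MODE = re.compile(r"[0-7]{3,4}")

def check_changeperm(record):
    """Return a reason string if a logged changePerm request carries a t_total
    value that is not a plain octal mode; otherwise return None."""
    params = {}
    for part in (record.get("query", ""), record.get("body", "")):
        # keep_blank_values: an empty t_total should still be inspected
        for key, values in parse_qs(part, keep_blank_values=True).items():
            params.setdefault(key, []).extend(values)
    # Assumption: the action name appears as some parameter's value.
    if not any("changePerm" in v for vs in params.values() for v in vs):
        return None
    modes = params.get("t_total", [])
    if len(modes) > 1:
        return "t_total supplied more than once"
    for value in modes:
        # fullmatch rejects trailing newlines and any shell metacharacter
        if OCTAL_MODE.fullmatch(value) is None:
            return "t_total is not an octal mode: %r" % value
    return None

def scan(records):
    """Return (source address, reason) for every suspicious record."""
    hits = []
    for rec in records:
        reason = check_changeperm(rec)
        if reason:
            hits.append((rec.get("src", "?"), reason))
    return hits

# Constructed sample records (documentation addresses, hypothetical field names).
SAMPLE = [
    {"src": "192.0.2.10", "query": "action=changePerm", "body": "fileName=a.txt&t_total=644"},
    {"src": "198.51.100.7", "query": "action=changePerm", "body": "fileName=a.txt&t_total=644%3Bid"},
    {"src": "198.51.100.8", "query": "action=changePerm", "body": "fileName=a.txt&t_total=755%0A"},
    {"src": "203.0.113.5", "query": "action=listDir", "body": "path=%2Fhome"},
]

if __name__ == "__main__":
    for src, reason in scan(SAMPLE):
        print(src, reason)
```

The same allow-list test, applied before the value reaches any command, is the input validation that CWE-78 describes as missing.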
CISA added CVE-2025-48703 to its Known Exploited Vulnerabilities catalog on November 4, 2025, indicating active exploitation in the wild.
The agency has established a mitigation deadline of November 25, 2025, giving organizations roughly three weeks to secure their systems.