← Retour aux CVEs

CVE-2025-15241

LOW

3.5

Description

A security vulnerability has been detected in CloudPanel Community Edition up to 2.5.1. The affected element is an unknown function of the file /admin/users of the component HTTP Header Handler. Such manipulation of the argument Referer leads to open redirect. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 2.5.2 is sufficient to fix this issue. Upgrading the affected component is recommended.

Details CVE

Score CVSS v3.13.5

SeveriteLOW

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisLOW

Interaction utilisateurREQUIRED

Publie12/30/2025

Derniere modification12/31/2025

Sourcenvd

Observations honeypot0

Faiblesses (CWE)

CWE-601

References

https://github.com/Stolichnayer/cloudpanel-open-redirect(cna@vuldb.com)

https://github.com/Stolichnayer/cloudpanel-open-redirect?tab=readme-ov-file#%EF%B8%8F-steps-to-reproduce(cna@vuldb.com)

https://github.com/cloudpanel-io/cloudpanel-ce/releases/tag/v2.5.2(cna@vuldb.com)

https://vuldb.com/?ctiid.338631(cna@vuldb.com)

https://vuldb.com/?id.338631(cna@vuldb.com)

https://vuldb.com/?submit.725543(cna@vuldb.com)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.