← ExploitWatch
HomeExploited Vulnerabilities

CVE-2025-48703 — Actively Exploited: Control Web Panel (CWP)

CWP Control Web Panel (formerly CentOS Web Panel) contains an OS command Injection vulnerability that allows unauthenticated remote code execution via shell metacharacters in the t_total parameter in a filemanager changePerm request. A valid non-root username must be known.

CVE IDCVE-2025-48703
VendorCWP
ProductControl Web Panel
Vulnerability nameCWP Control Web Panel OS Command Injection Vulnerability
Date added2025-11-04
Remediation due2025-11-25
Known ransomware useUnknown
Required actionApply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
DescriptionCWP Control Web Panel (formerly CentOS Web Panel) contains an OS command Injection vulnerability that allows unauthenticated remote code execution via shell metacharacters in the t_total parameter in a filemanager changePerm request. A valid non-root username must be known.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →