CNNVD-202510-2273 Information

CNNVD ID

CNNVD-202510-2273

Related CVE

CVE-2018-25117

• CNNVD Published: 2025-10-15

Description (Chinese)

Vesta Control Panel（VestaCP）是一个开源的虚拟主机控制面板。 Vesta Control Panel ee03eff版本及之前版本存在安全漏洞，该漏洞源于嵌入恶意代码，可能导致供应链攻击和管理员凭据泄露。

Description (English)

Vesta Control Panel (VestaCP) is an open-source virtual mainframe control panel. There is a security loophole in Vesta Control Panel ee03eff and earlier versions, which stems from the embedding of malicious codes, which could lead to supply chain attacks and leakage by administrators.

Hazard Level

High

Vulnerability Type

其他

Published

2025-10-15

Last Modified

2026-02-24

References

https://forum.vestacp.com/viewtopic.php?f=10&t=17641&p=73282 https://forum.vestacp.com/viewtopic.php?f=10&t=17641&start=180#p73907 https://github.com/outroll/vesta https://github.com/outroll/vesta/commit/a3f0fa1501d424477786e3e7150bb05c0b99518f#diff-df8da0c91e9086454c60cd468849630dR1256 https://github.com/outroll/vesta/commit/ee03eff016e03cb76fac7ae3a0f9d1ef0f8ee35b#diff-df8da0c91e9086454c60cd468849630dL1270 https://vestacp.com/ https://www.vulncheck.com/advisories/vestacp-debian-installer-malicious-backdoor-supply-chain-compromise https://www.welivesecurity.com/2018/10/18/new-linux-chachaddos-malware-distributed-servers-vestacp-installed/