CNNVD-202512-1978 Information

CNNVD ID

CNNVD-202512-1978

Related CVE

CVE-2025-34410

• CNNVD Published: 2025-12-10

Description (Chinese)

1Panel是中国1Panel社区的一个开源的Linux服务器运维管理面板。 1Panel 1.10.33版本至2.0.15版本存在跨站请求伪造漏洞，该漏洞源于更改用户名功能未实施CSRF防护，可能导致账户锁定和拒绝服务。

Description (English)

1 Panel is an open-source Linux server management panel for a Panel community in China. Versions 1 Panel 1.10.33 to 2.0.15 contain a false gap in cross-site requests, which arises from the failure to implement CSRF protections for changing user names, which may lead to the lock-in and denial of services.

Hazard Level

High

Vulnerability Type

跨站请求伪造

Affected Vendor

1Panel

Published

2025-12-10

Last Modified

2026-02-24

References

https://1panel.pro/ https://www.vulncheck.com/advisories/1panel-csrf-in-change-username-functionality-allows-account-lockout https://github.com/1Panel-dev/1Panel/releases https://access.redhat.com/security/cve/cve-2025-34410