CNNVD-202512-5462 Information
CNNVD ID
CNNVD-202512-5462
Related CVE
- CNNVD Published: 2025-12-30
Description (Chinese)
CloudPanel是CloudPanel开源的一款免费软件。用于配置和管理服务器。 CloudPanel 2.5.1及之前版本存在输入验证错误漏洞,该漏洞源于对组件HTTP Header Handler中文件/admin/users参数Referer的错误操作,可能导致重定向。
Description (English)
Cloud Panel is a free-of-charge software for Cloud Panel. To configure and manage the server. There is an input authentication bug in CloudPanel 2.5.1 and previous versions, which results from an error in the file/admin/user parameter of component HTTP Header Handler, which may lead to a redirection.
Hazard Level
Critical
Vulnerability Type
输入验证错误
Affected Vendor
CloudPanel
Published
2025-12-30
Last Modified
2026-02-24
References
https://github.com/Stolichnayer/cloudpanel-open-redirect https://github.com/Stolichnayer/cloudpanel-open-redirect?tab=readme-ov-file#%EF%B8%8F-steps-to-reproduce https://github.com/cloudpanel-io/cloudpanel-ce/releases/tag/v2.5.2 https://vuldb.com/?ctiid.338631 https://vuldb.com/?id.338631 https://vuldb.com/?submit.725543
Patch
https://github.com/cloudpanel-io/cloudpanel-ce/releases
Share on: