CVE-2025-66507
- Source
- https://cve.org/CVERecord?id=CVE-2025-66507
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-66507.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-66507
- Aliases
- Published
- 2025-12-09T01:25:48.140Z
- Modified
- 2026-02-07T02:53:08.364452Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- 1Panel – CAPTCHA Bypass via Client-Controlled Flag
- Details
-
1Panel is an open-source, web-based control panel for Linux server management. Versions 2.0.13 and below allow an unauthenticated attacker to disable CAPTCHA verification by abusing a client-controlled parameter. Because the server previously trusted this value without proper validation, CAPTCHA protections can be bypassed, enabling automated login attempts and significantly increasing the risk of account takeover (ATO). This issue is fixed in version 2.0.14.
- Database specific
{ "cwe_ids": [ "CWE-290", "CWE-602", "CWE-807" ], "cna_assigner": "GitHub_M", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/66xxx/CVE-2025-66507.json" }- References
-
- https://github.com/1Panel-dev/1Panel/commit/ac43f00273be745f8d04b90b6e2b9c1a40ef7bca
- https://github.com/1Panel-dev/1Panel/releases/tag/v2.0.14
- https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-qmg5-v42x-qqhq
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/66xxx/CVE-2025-66507.json
- https://nvd.nist.gov/vuln/detail/CVE-2025-66507
Affected packages
Git / github.com/1panel-dev/1panel
Affected ranges
- Type
- GIT
- Repo
- https://github.com/1panel-dev/1panel
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v1.*
v1.0.0
v1.0.1
v1.0.2
v1.0.3
v1.0.4
v1.0.5
v1.1.0
v1.1.1
v1.1.2
v1.1.3
v1.10.0-lts
v1.10.1-lts
v1.10.10-lts
v1.10.12-beta
v1.10.2-lts
v1.10.3-lts
v1.10.4-lts
v1.10.5-lts
v1.10.7-lts
v1.2.0
v1.2.1
v1.2.2
v1.2.3
v1.3.0
v1.3.1
v1.3.2
v1.3.3
v1.4.0
v1.4.1
v1.4.2
v1.4.3
v1.5.0
v1.5.1
v1.6.0
v1.6.1
v1.7.0
v1.7.1
v1.8.0
v1.8.1
v1.8.2
v1.9.0
v1.9.1
v1.9.2
v1.9.3
v1.9.4
v1.9.5
v1.9.6
v2.*
v2.0.0
v2.0.1
v2.0.10
v2.0.11
v2.0.12
v2.0.13
v2.0.2
v2.0.3
v2.0.4
v2.0.5
v2.0.6
v2.0.7
v2.0.8