CVE-2025-53534: RatPanel can perform remote command execution without authorization
- When an attacker learns the backend login path of RatPanel (for example through a weak default path or by brute-force guessing), they can execute system commands or take over hosts managed by the panel without logging in.
- Beyond the remote code execution (RCE) itself, the same flawed code also permits unauthorized access.
References
- github.com/advisories/GHSA-fm3m-jrgm-5ppg
- github.com/tnborg/panel
- github.com/tnborg/panel/commit/4985eb2e1f388ecd6faf331941c13cb97368ec1d
- github.com/tnborg/panel/commit/91ecd04c270061429f9df5ec19cd6b96a9f595f2
- github.com/tnborg/panel/commit/ed5c74c7534230ba685273504af4c1e1e3598ff1
- github.com/tnborg/panel/releases/tag/v2.5.6
- github.com/tnborg/panel/security/advisories/GHSA-fm3m-jrgm-5ppg
- nvd.nist.gov/vuln/detail/CVE-2025-53534