CVE-2025-56551
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-03

Last updated on: 2025-10-15

Assigner: MITRE

Description
An issue in DirectAdmin v1.680 allows unauthorized attackers to manipulate the page layout and replace the legitimate login interface with arbitrary attacker-controlled content via supplying a crafted GET request.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-03
Last Modified
2025-10-15
Generated
2026-06-16
AI Q&A
2025-10-03
EPSS Evaluated
2026-06-15
NVD
CVE-2025-56551
EUVD
EUVD-2025-32471
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
directadmin directadmin 1.680
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-598 The web application uses the HTTP GET method to process a request and includes sensitive information in the query string of that request.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in DirectAdmin v1.680 allows unauthorized attackers to manipulate the page layout by sending a specially crafted GET request. This manipulation can replace the legitimate login interface with attacker-controlled content.

Impact Analysis

The impact of this vulnerability is that attackers can trick users into interacting with a fake login interface, potentially leading to credential theft or unauthorized access.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-56551. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart