CVE-2025-34429
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-10

Last updated on: 2025-12-10

Assigner: VulnCheck

Description
1Panel versions 1.10.33 - 2.0.15 contain a cross-site request forgery (CSRF) vulnerability in the web port configuration functionality. The port-change endpoint lacks CSRF defenses such as anti-CSRF tokens or Origin/Referer validation. An attacker can craft a malicious webpage that submits a port-change request; when a victim visits it while authenticated, the browser includes valid session cookies and the request succeeds. This allows an attacker to change the port on which the 1Panel web service listens, causing loss of access on the original port and resulting in service disruption or denial of service, and may unintentionally expose the service on an attacker-chosen port.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-10
Last Modified
2025-12-10
Generated
2026-06-16
AI Q&A
2025-12-10
EPSS Evaluated
2026-06-15
NVD
CVE-2025-34429
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
1panel 1panel 2.0.15
1panel 1panel 1.10.33
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-352 The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a cross-site request forgery (CSRF) in 1Panel versions 1.10.33 to 2.0.15 affecting the web port configuration functionality. The port-change endpoint does not have protections like anti-CSRF tokens or Origin/Referer validation. An attacker can create a malicious webpage that, when visited by an authenticated user, sends a port-change request using the user's valid session cookies. This allows the attacker to change the port on which the 1Panel web service listens without the user's consent.

Impact Analysis

The vulnerability can cause service disruption or denial of service by changing the port on which the 1Panel web service listens, resulting in loss of access on the original port. Additionally, it may unintentionally expose the service on an attacker-chosen port, potentially increasing security risks.

Mitigation Strategies

To mitigate this vulnerability, immediately restrict access to the 1Panel web service to trusted users only, avoid visiting untrusted webpages while authenticated to the 1Panel service, and monitor for unexpected changes in the web service port. Additionally, update 1Panel to a version later than 2.0.15 once available that includes CSRF protections such as anti-CSRF tokens or Origin/Referer validation.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-34429. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart