CVE-2025-34430
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-10

Last updated on: 2025-12-10

Assigner: VulnCheck

Description
1Panel versions 1.10.33 through 2.0.15 contain a cross-site request forgery (CSRF) vulnerability in the panel name management functionality. The affected endpoint does not implement CSRF defenses such as anti-CSRF tokens or Origin/Referer validation. An attacker can craft a malicious webpage that submits a panel-name change request; if a victim visits the page while authenticated, the browser includes valid session cookies and the request succeeds. This allows a remote attacker to change the victim’s panel name to an arbitrary value without consent.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-10
Last Modified
2025-12-10
Generated
2026-06-16
AI Q&A
2025-12-10
EPSS Evaluated
2026-06-15
NVD
CVE-2025-34430
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
1panel 1panel 2.0.15
1panel 1panel 1.10.33
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-352 The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a cross-site request forgery (CSRF) issue in 1Panel versions 1.10.33 through 2.0.15 affecting the panel name management functionality. The affected endpoint lacks CSRF protections like anti-CSRF tokens or Origin/Referer validation. An attacker can create a malicious webpage that, when visited by an authenticated user, submits a request to change the panel name without the user's consent, using the user's valid session cookies.

Impact Analysis

This vulnerability allows a remote attacker to change the victim's panel name to any arbitrary value without their consent. This unauthorized change can lead to confusion, misrepresentation, or potential misuse of the panel's identity, possibly affecting the integrity and trustworthiness of the system.

Mitigation Strategies

To mitigate this CSRF vulnerability, immediately update 1Panel to a version later than 2.0.15 where the issue is fixed. If an update is not possible, implement CSRF protections such as anti-CSRF tokens or Origin/Referer header validation on the panel name management endpoint to prevent unauthorized requests. Additionally, educate users to avoid visiting untrusted webpages while authenticated to the panel.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-34430. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart