CVE-2025-34430
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2025-34430, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-12-10

Last updated on: 2025-12-10

Assigner: VulnCheck

Description

1Panel versions 1.10.33 through 2.0.15 contain a cross-site request forgery (CSRF) vulnerability in the panel name management functionality. The affected endpoint does not implement CSRF defenses such as anti-CSRF tokens or Origin/Referer validation. An attacker can craft a malicious webpage that submits a panel-name change request; if a victim visits the page while authenticated, the browser includes valid session cookies and the request succeeds. This allows a remote attacker to change the victim’s panel name to an arbitrary value without consent.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-12-10
Last Modified
2025-12-10
Generated
2026-07-06
AI Q&A
2025-12-11
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
1panel 1panel 2.0.15
1panel 1panel 1.10.33

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-352 The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Mitigation Strategies

To mitigate this CSRF vulnerability, immediately update 1Panel to a version later than 2.0.15 where the issue is fixed. If an update is not possible, implement CSRF protections such as anti-CSRF tokens or Origin/Referer header validation on the panel name management endpoint to prevent unauthorized requests. Additionally, educate users to avoid visiting untrusted webpages while authenticated to the panel.

Executive Summary

This vulnerability is a cross-site request forgery (CSRF) issue in 1Panel versions 1.10.33 through 2.0.15 affecting the panel name management functionality. The affected endpoint lacks CSRF protections like anti-CSRF tokens or Origin/Referer validation. An attacker can create a malicious webpage that, when visited by an authenticated user, submits a request to change the panel name without the user's consent, using the user's valid session cookies.

Impact Analysis

This vulnerability allows a remote attacker to change the victim's panel name to any arbitrary value without their consent. This unauthorized change can lead to confusion, misrepresentation, or potential misuse of the panel's identity, possibly affecting the integrity and trustworthiness of the system.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-34430. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart