CVE-2025-67888
Status: Awaiting Analysis - Queue
Command Injection in Control Web Panel

Publication date: 2026-05-08

Last updated on: 2026-05-08

Assigner: MITRE

Description
An issue was discovered in Control Web Panel (CWP) before 0.9.8.1209. User input passed via the "key" GET parameter to /admin/index.php (when the "api" parameter is set) is not properly sanitized before being used to execute OS commands. This can be exploited by unauthenticated attackers to inject and execute arbitrary OS commands with the privileges of root on the web server. Softaculous or SitePad must be present.
Meta Information

Published: 2026-05-08
Last Modified: 2026-05-08
Generated: 2026-06-19
AI Q&A: 2026-05-08
EPSS Evaluated: 2026-06-18
External references: NVD, EUVD
Affected Vendors & Products

Vendor: control_web_panel
Product: cwp
Version / Range: up to and including 0.9.8.1208
CWE

CWE-78: The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Executive Summary

This vulnerability exists in Control Web Panel (CWP) versions before 0.9.8.1209. It occurs because user input passed through the "key" GET parameter to the /admin/index.php file (when the "api" parameter is set) is not properly sanitized. This improper sanitization allows unauthenticated attackers to inject and execute arbitrary operating system commands on the web server.

Exploitation requires that either Softaculous or SitePad is installed via the Scripts Manager. When exploited, attackers can run OS commands with root privileges, which means they gain full control over the server.

Compliance Impact

The provided information does not specify how the vulnerability in Control Web Panel (CWP) affects compliance with common standards and regulations such as GDPR or HIPAA.

Impact Analysis

If exploited, this vulnerability allows unauthenticated attackers to execute arbitrary OS commands with root privileges on the affected web server. This can lead to complete compromise of the server, including unauthorized access to sensitive data, modification or deletion of files, installation of malware, and disruption of services.

Detection Guidance

To check exposure, confirm the installed Control Web Panel (CWP) version: any version up to and including 0.9.8.1208 is affected when Softaculous or SitePad is present. Because the vulnerable path is reachable without authentication, what matters is whether the admin panel can be reached from untrusted networks, not whether its credentials are strong.

To detect exploitation attempts, monitor the admin panel's access log for requests to /admin/index.php that carry an "api" parameter together with a "key" parameter containing shell metacharacters (;, |, &&, backtick, $( )) or their percent-encoded forms (%3B, %7C, %26%26, %60, %24%28). Two caveats apply. First, the CWP admin panel is served by its own cwpsrv service on its own ports (2030/2031 by default), so its access log is separate from the log of the Apache instance that serves customer sites; on a CWP host (CentOS/RHEL-family) site Apache logs live under /var/log/httpd/, and /var/log/apache2/access.log is the Debian/Ubuntu path and will not exist. Second, web servers log the request target as it was sent, so a payload may appear percent-encoded or double-encoded, and a grep for a literal ; or && will miss it.

Shell one-liners like the following are a quick first pass (substitute the path of the admin panel's access log, typically under the cwpsrv installation directory):

  • grep -i '/admin/index.php' /path/to/cwpsrv/access_log | grep 'api=' | grep 'key='
  • grep -i '/admin/index.php' /path/to/cwpsrv/access_log | grep 'api=' | grep -Ei 'key=[^ ]*(;|%3B|\||%7C|&&|%26%26|`|%60|\$\(|%24%28)'

Commands like the following report the installed CWP version (the version is also shown on the admin dashboard, which is the safer reference if the file below is absent on your install):

  • rpm -qa | grep cwp
  • cat /usr/local/cwp/version
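The log check described above, as an added example that is not part of the original page or of CWP's own tooling: a small Python scanner that parses Combined Log Format lines, percent-decodes the "key" parameter repeatedly so double-encoded payloads are caught, and flags requests to /admin/index.php that carry "api" together with shell metacharacters in "key". Requests that hit the api path with a clean key are reported separately, since on an unpatched host every such request deserves a look. The log lines, the log format, and the 'injection' / 'api_access' labels are constructed assumptions of this example.

```python
"""Added example (not CWP's code): scan access-log lines for the
CVE-2025-67888 request pattern. Log lines below are constructed."""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Combined Log Format: client ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Characters that let a value break out of a shell command string.
SHELL_META_RE = re.compile(r'[;&|`$<>\n]')


def fully_decode(value, rounds=3):
    """Percent-decode until stable so %253B -> %3B -> ; is caught."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def parse_log_line(line):
    """Return a dict for a Combined Log Format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    target = urlsplit(m.group('target'))
    return {
        'ip': m.group('ip'),
        'ts': m.group('ts'),
        'method': m.group('method'),
        'path': target.path,
        # parse_qs performs one level of percent-decoding itself.
        'query': parse_qs(target.query, keep_blank_values=True),
        'status': int(m.group('status')),
    }


def classify(record):
    """'injection' if key carries shell metacharacters, 'api_access' if the
    vulnerable api path was hit with a clean key, None otherwise."""
    if record is None or not record['path'].endswith('/admin/index.php'):
        return None
    if 'api' not in record['query']:
        return None
    for key_value in record['query'].get('key', []):
        if SHELL_META_RE.search(fully_decode(key_value)):
            return 'injection'
    return 'api_access'


def scan(lines):
    """Return (verdict, client ip, timestamp, raw key) for every flagged line."""
    findings = []
    for line in lines:
        rec = parse_log_line(line)
        verdict = classify(rec)
        if verdict:
            findings.append((verdict, rec['ip'], rec['ts'], rec['query'].get('key', [''])[0]))
    return findings


# Constructed sample lines (not real traffic): one benign page view, one clean
# api call, three injection attempts (encoded, raw, double-encoded), one request
# to a non-admin path, and one unparseable line.
SAMPLE_LOG = [
    '203.0.113.5 - - [08/May/2026:10:01:02 +0000] "GET /admin/index.php?module=dashboard HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [08/May/2026:10:01:09 +0000] "GET /admin/index.php?api=1&key=abc123 HTTP/1.1" 200 88 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [08/May/2026:10:02:31 +0000] "GET /admin/index.php?api=1&key=x%3Bid HTTP/1.1" 200 312 "-" "curl/8.4.0"',
    '198.51.100.7 - - [08/May/2026:10:02:40 +0000] "GET /admin/index.php?api=1&key=x|id HTTP/1.1" 200 312 "-" "curl/8.4.0"',
    '198.51.100.7 - - [08/May/2026:10:03:05 +0000] "GET /admin/index.php?api=1&key=x%2526%2526curl%2520evil HTTP/1.1" 200 9 "-" "python-requests/2.31"',
    '192.0.2.9 - - [08/May/2026:10:04:00 +0000] "GET /index.php?key=x%3Bid HTTP/1.1" 404 0 "-" "curl/8.4.0"',
    'garbage line that does not parse',
]

if __name__ == '__main__':
    for verdict, ip, ts, key in scan(SAMPLE_LOG):
        print(f'{verdict:11} {ip:15} {ts} key={key!r}')
```

Run it against a real log with `scan(open(path))`; the double-decoding step is what separates this from the grep one-liners, and the 'api_access' verdicts give you the list of sources that touched the endpoint at all, which is the population to review once a host is known to have been unpatched and exposed.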
Mitigation Strategies

The fix is to upgrade Control Web Panel (CWP) to version 0.9.8.1209 or later, where this vulnerability is addressed; confirm the running version after updating rather than assuming the update completed.

If upgrading immediately is not possible, remove either the precondition or the reachability: uninstall Softaculous and SitePad if they are not needed, and restrict access to /admin/index.php, in particular to requests carrying the "api" parameter. Because the flaw is reachable without authentication, stronger admin passwords or two-factor login do not reduce exposure; network-level restriction of the admin panel does.

Additional security measures include:

  • Restricting access to the admin panel to trusted IP addresses at the firewall or web-server level.
  • Implementing Web Application Firewall (WAF) rules that block requests to /admin/index.php whose "key" parameter contains shell metacharacters, including their percent-encoded forms.
  • Following general CWP security best practices such as setting strict file permissions, disabling dangerous PHP functions, and using ModSecurity and FileSystemLock.

Regularly monitor logs for suspicious activity, and take a backup before applying updates. If a host was exposed while unpatched, treat any admin-panel request matching the exploitation pattern as a potential root compromise and investigate accordingly.
