A critical vulnerability in Control Web Panel (CWP) has been exploited in the wild, impacting thousands of Linux web hosting systems worldwide. Despite a patch being released, many instances remain exposed, increasing the risk of unauthorized command execution. #CVE-2025-48703 #CWP #Netlasio #Shodan
Key points
- The vulnerability CVE-2025-48703 allows remote attackers to execute commands without authentication on CWP servers.
- The flaw affects approximately 150,000 to 220,000 internet-exposed CWP instances globally.
- CISA has classified CVE-2025-48703 as a known exploited vulnerability requiring urgent patching.
- The vulnerability was reported in mid-May and patched with version 0.9.8.1205 about one month later.
- Threat actors are actively developing and sharing exploits on cybercrime forums, increasing the attack risk.
Read More: https://www.securityweek.com/cisa-warns-of-cwp-vulnerability-exploited-in-the-wild/