CVE-2025-34410

7.1 HIGH

📋 TL;DR

This CSRF vulnerability in 1Panel allows attackers to change authenticated users' usernames without consent via malicious webpages. When exploited, victims are logged out and locked out of their accounts, causing denial of service. All 1Panel users running affected versions are vulnerable.

💻 Affected Systems

Products:
  • 1Panel
Versions: 1.10.33 through 2.0.15
Operating Systems: Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All installations with web interface accessible are vulnerable; no special configuration required.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Administrator account lockout leading to complete loss of 1Panel management access, requiring manual recovery or reinstallation.

🟠 Likely Case: Individual user account lockout requiring administrator intervention to restore access via backend database changes.

🟢 If Mitigated: No impact if proper CSRF protections are implemented or workarounds are applied.

🌐 Internet-Facing: HIGH - Web-based attack requiring only victim to visit malicious page while authenticated.
🏢 Internal Only: MEDIUM - Still exploitable via internal phishing or compromised internal sites.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires the victim to be authenticated and to visit a malicious page; a simple HTML form is enough to trigger the attack.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.0.16 or later

Vendor Advisory: https://github.com/1Panel-dev/1Panel/releases

Restart Required: Yes

Instructions:

1. Back up the current configuration.
2. Update to version 2.0.16 or later via the 1Panel update interface or a manual installation.
3. Restart the 1Panel service.

🔧 Temporary Workarounds

  • Disable username change functionality: remove or restrict access to the vulnerable endpoint
    # Modify nginx/apache config to block /settings/panel endpoint
    # Or implement web application firewall rule

  • Implement reverse proxy CSRF protection: add CSRF token validation at reverse proxy level
    # Configure nginx with $http_x_csrf_token validation
    # Or use mod_security with anti-CSRF rules
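The check the second workaround describes, written out as an added example (it is neither 1Panel's code nor part of this advisory): state-changing requests to /settings/panel must carry a same-site Origin (or Referer) and echo a per-session token in X-CSRF-Token, the header that nginx exposes as $http_x_csrf_token, and the session cookie is issued with SameSite so the browser does not attach it to cross-site POSTs. PANEL_ORIGIN, the psession cookie name, the in-memory token store and all function names are assumptions for the example; the same logic can sit in a proxy script or in the application.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Assumed deployment values (not from the advisory): the origin the panel is served on
# and the state-changing path to protect (/settings/panel is the endpoint the advisory names).
PANEL_ORIGIN = "https://panel.example.internal"
PROTECTED_PATHS = {"/settings/panel"}
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def _header(headers, name):
    """Case-insensitive header lookup; HTTP header names are not case-sensitive."""
    wanted = name.lower()
    for key, value in headers.items():
        if key.lower() == wanted:
            return value
    return None


def issue_csrf_token(session_tokens, session_id):
    """Mint a per-session token; the panel's front end must echo it in X-CSRF-Token."""
    token = secrets.token_urlsafe(32)
    session_tokens[session_id] = token
    return token


def same_origin(headers):
    """Prefer Origin; fall back to Referer; treat the absence of both as cross-site."""
    origin = _header(headers, "Origin")
    if origin is None:
        referer = _header(headers, "Referer")
        if referer is None:
            return False
        parts = urlsplit(referer)
        origin = f"{parts.scheme}://{parts.netloc}"
    return origin.lower() == PANEL_ORIGIN.lower()


def csrf_check(method, path, headers, session_tokens, session_id):
    """Return (allowed, reason) for one request; safe methods and other paths pass through."""
    if method.upper() in SAFE_METHODS or path not in PROTECTED_PATHS:
        return True, "not a protected state change"
    if not same_origin(headers):
        return False, "cross-origin or missing Origin/Referer"
    expected = session_tokens.get(session_id)
    supplied = _header(headers, "X-CSRF-Token") or ""
    # Constant-time comparison on bytes so a non-ASCII header value cannot raise.
    if expected is None or not hmac.compare_digest(supplied.encode(), expected.encode()):
        return False, "missing or mismatched CSRF token"
    return True, "ok"


def session_cookie(session_id):
    """Set-Cookie value with the attributes that keep the session cookie off cross-site POSTs."""
    return f"psession={session_id}; Path=/; Secure; HttpOnly; SameSite=Strict"


if __name__ == "__main__":
    tokens = {}
    tok = issue_csrf_token(tokens, "sess-1")
    print(csrf_check("POST", "/settings/panel",
                     {"Origin": PANEL_ORIGIN, "X-CSRF-Token": tok}, tokens, "sess-1"))
    print(csrf_check("POST", "/settings/panel",
                     {"Origin": "https://attacker.example", "X-CSRF-Token": tok}, tokens, "sess-1"))
```

The origin check alone already stops the attack described in the TL;DR, since a browser sets Origin on cross-site form posts and an attacker's page cannot forge it; the token is the second layer for clients or proxies that strip Origin and Referer, which this check deliberately treats as a rejection rather than a pass.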

🧯 If You Can't Patch

  • Restrict 1Panel access to trusted networks only using firewall rules
  • Implement strict SameSite cookie policies and use browser extensions that block CSRF

🔍 How to Verify

Check if Vulnerable:

Check whether the installed version is between 1.10.33 and 2.0.15 inclusive, via the 1Panel dashboard or the version file

Check Version:

cat /opt/1panel/version.txt || docker exec 1panel cat /opt/1panel/version.txt

Verify Fix Applied:

Confirm the version is 2.0.16 or later, then test that a username change request submitted without a CSRF token is rejected
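The inclusive range check from "Check if Vulnerable", written out as an added example that is not 1Panel's own tooling: parse_version tolerates a v prefix, surrounding text or a suffix on the string the dashboard or version file reports, the comparison uses integer tuples so that 1.10.x sorts after 1.9.x, and check_version_file reads the path the advisory names. The function names are assumptions; pre-release suffixes are ignored in the comparison.

```python
import re

# Affected range from the advisory, inclusive on both ends; FIXED is the first patched release.
FIRST_AFFECTED = (1, 10, 33)
LAST_AFFECTED = (2, 0, 15)
FIXED = (2, 0, 16)


def parse_version(text):
    """Extract major.minor.patch as an int tuple from 'v2.0.15', '2.0.15-lts', 'version 1.10.33', etc.
    Pre-release or build suffixes are ignored, so '2.0.16-beta' compares equal to 2.0.16."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(part) for part in m.groups())


def is_vulnerable(version_text):
    """True when the version lies in 1.10.33 .. 2.0.15 inclusive (tuple, not string, comparison)."""
    return FIRST_AFFECTED <= parse_version(version_text) <= LAST_AFFECTED


def is_fixed(version_text):
    """True once the installed version is at or past the first patched release."""
    return parse_version(version_text) >= FIXED


def check_version_file(path="/opt/1panel/version.txt"):
    """Read the version file the advisory names; returns (version_tuple, vulnerable) or None if unreadable."""
    try:
        with open(path, encoding="utf-8") as fh:
            text = fh.read()
    except OSError:
        return None
    return parse_version(text), is_vulnerable(text)


if __name__ == "__main__":
    result = check_version_file()
    if result is None:
        print("version file not readable on this host")
    else:
        version, vuln = result
        print(".".join(map(str, version)), "VULNERABLE" if vuln else "not in affected range")
```

On a container install the file lives inside the container, so run the script there (or feed it the output of the docker exec command above) rather than on the host path.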

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed login attempts from same user after username change
  • Username modification requests without referrer headers

Network Indicators:

  • POST requests to /settings/panel without CSRF tokens
  • Cross-origin requests to 1Panel endpoints

SIEM Query:

source="1panel" AND (uri_path="/settings/panel" AND http_method="POST") | stats count by src_ip, user
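The log and network indicators above, together with the SIEM query's count-by-source-and-user, turned into runnable detection logic as an added example that is not part of the original advisory. The JSON-lines layout, the hostnames, the user names and the /login path in the sample are constructed for the example and are not 1Panel's actual log format; the field names are the assumptions to adapt to whatever your proxy or SIEM emits.

```python
import json
from collections import Counter
from urllib.parse import urlsplit

PANEL_HOST = "panel.example.internal"   # assumed host the 1Panel instance is served on
WATCHED_PATH = "/settings/panel"        # endpoint named in the advisory

# Constructed sample in a JSON-lines layout; 1Panel's real access-log format is not given
# in the advisory. The last line is deliberately malformed to exercise the parser.
SAMPLE_LOG = """
{"ts":"2025-06-01T10:00:01Z","src_ip":"10.0.0.5","user":"admin","method":"POST","path":"/settings/panel","origin":"https://panel.example.internal","referer":"https://panel.example.internal/settings"}
{"ts":"2025-06-01T10:00:02Z","src_ip":"10.0.0.5","user":"admin","method":"GET","path":"/settings/panel","origin":null,"referer":"https://panel.example.internal/"}
{"ts":"2025-06-01T10:05:10Z","src_ip":"10.0.0.9","user":"ops","method":"POST","path":"/settings/panel","origin":"https://lure.example","referer":"https://lure.example/page.html"}
{"ts":"2025-06-01T10:05:11Z","src_ip":"10.0.0.9","user":"ops","method":"POST","path":"/settings/panel","origin":null,"referer":null}
{"ts":"2025-06-01T10:06:00Z","src_ip":"10.0.0.9","user":"ops","method":"POST","path":"/login","origin":null,"referer":null}
not json at all
"""


def _host_of(url):
    """Host part of an absolute URL, or None when the header was absent or unparsable."""
    if not url:
        return None
    return urlsplit(url).netloc.lower() or None


def classify(entry):
    """Indicator names that apply to one parsed entry; empty when it is not a POST to the watched path."""
    if entry.get("method") != "POST" or entry.get("path") != WATCHED_PATH:
        return []
    hits = ["post_to_settings_panel"]
    origin = _host_of(entry.get("origin"))
    referer = _host_of(entry.get("referer"))
    source = origin or referer          # Origin is authoritative; Referer is the fallback
    if source is None:
        hits.append("missing_origin_and_referer")
    elif source != PANEL_HOST:
        hits.append("cross_origin")
    return hits


def analyze(log_text):
    """Count POSTs to the watched path by (src_ip, user), as the SIEM query does, and
    collect the entries carrying a stronger indicator than the path/method match alone."""
    counts = Counter()
    alerts = []
    for raw in log_text.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        try:
            entry = json.loads(raw)
        except json.JSONDecodeError:
            continue                    # skip malformed lines instead of aborting the sweep
        if not isinstance(entry, dict):
            continue
        hits = classify(entry)
        if not hits:
            continue
        counts[(entry.get("src_ip"), entry.get("user"))] += 1
        if len(hits) > 1:
            alerts.append((entry.get("ts"), entry.get("src_ip"), entry.get("user"), hits[1:]))
    return counts, alerts


if __name__ == "__main__":
    counts, alerts = analyze(SAMPLE_LOG)
    for (ip, user), n in counts.items():
        print(f"{str(ip):<12} {str(user):<8} {n} POST(s) to {WATCHED_PATH}")
    for ts, ip, user, why in alerts:
        print(f"ALERT {ts} {ip} {user}: {', '.join(why)}")
```

A legitimate username change from the panel's own UI produces a single POST with a matching Origin and no alert, which is why the count alone is only a triage signal; the cross_origin and missing_origin_and_referer indicators are what separate the CSRF pattern from ordinary administration, and the follow-on "multiple failed login attempts" indicator can be correlated on the same (src_ip, user) key.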
