CVE-2025-34429

7.1 HIGH

📋 TL;DR

This CSRF vulnerability in 1Panel allows attackers to change the web service port when authenticated users visit malicious pages. Affected users are those running 1Panel versions 1.10.33 through 2.0.15 with web access, potentially causing service disruption or exposure on attacker-chosen ports.

💻 Affected Systems

Products:
  • 1Panel
Versions: 1.10.33 - 2.0.15
Operating Systems: Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations within the affected version range are vulnerable if web interface is accessible.


⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete loss of web management access, service disruption, and exposure of the panel on an attacker-chosen, unexpected port that later attacks can target.

🟠 Likely Case: Service disruption requiring manual port restoration and temporary loss of management access.

🟢 If Mitigated: No impact once 2.0.16 or later is installed or cross-site requests are blocked in front of the panel. Keeping the panel off the internet alone does not remove the risk: the forged request is sent by the logged-in administrator's own browser, which already reaches the panel.

🌐 Internet-Facing: HIGH - any logged-in administrator who loads an attacker-controlled page is a viable target, and the relocated port is then exposed to the internet.
🏢 Internal Only: MEDIUM - exploitation still only needs an internal administrator with an active session to open malicious content; whether the attacker can reach the panel directly is irrelevant.

🎯 Exploit Status

Public PoC: No
Weaponized: LIKELY
Unauthenticated Exploit: No
Complexity: LOW

Exploitation needs no credentials on the attacker's side. The victim must be logged into 1Panel and open attacker-controlled HTML (an auto-submitting form or script) in the same browser; the browser attaches the victim's session cookie to the forged port-change request, and the affected versions accept it because they neither tie the request to a token nor check where it came from. Building such a page is trivial.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.0.16

Vendor Advisory: https://github.com/1Panel-dev/1Panel/releases

Restart Required: Yes

Instructions:

1. Back up the current configuration.
2. Update to version 2.0.16 or later via 1Panel's built-in update mechanism or a manual installation.
3. Restart the 1Panel service.

🔧 Temporary Workarounds

Implement CSRF Protection Proxy

linux

Place a reverse proxy in front of 1Panel that rejects cross-site requests before they reach the panel. The vulnerable versions issue no CSRF token for the port-change request, so the proxy has nothing to validate, and merely forwarding an X-CSRF-Token header achieves nothing. What a browser will not forge on behalf of another site is the Sec-Fetch-Site (and Origin) request header, so block on that. Browsers that predate Fetch Metadata and non-browser clients send no such header and pass through, so this is a stopgap until you patch, not a replacement for it.

# http{} context: browsers mark cross-site requests via Fetch Metadata; same-origin, same-site, none, or a missing header is left alone
map $http_sec_fetch_site $csrf_cross { default 0; "cross-site" 1; }
# location{} that proxies to 1Panel: drop cross-site requests before they reach the panel (needs the map above; also blocks links into the panel from other sites, acceptable for a management UI)
if ($csrf_cross) { return 403; }

Restrict Network Access

linux

Limit 1Panel web interface access to trusted IPs only. This narrows who can reach the panel, but it does not stop CSRF from an administrator whose browser sits on a trusted IP and is logged in, so pair it with the proxy rule above or, better, with the patch.

# Allow the trusted management IP first, then deny everyone else (ufw evaluates rules in order, first match wins)
ufw allow from TRUSTED_IP to any port PANEL_PORT proto tcp
ufw deny PANEL_PORT/tcp
# Or configure web server access controls (an allow/deny list on the reverse proxy)

🧯 If You Can't Patch

  • Segment the network and limit 1Panel access to management networks only. This shrinks the set of browsers that can reach the panel but does not stop CSRF from an administrator who is on that network and logged in.
  • Deploy a WAF or reverse proxy between users and 1Panel that rejects cross-site requests (Sec-Fetch-Site / Origin checks). Unpatched versions issue no CSRF token, so "token validation" at the proxy has nothing to validate.
  • Log out of 1Panel when not using it and avoid browsing untrusted sites in the same browser profile while logged in; a CSRF needs an active session to ride on.

🔍 How to Verify

Check if Vulnerable:

Check the 1Panel version on the web dashboard or run the '1panel version' command. The system is vulnerable if the version is between 1.10.33 and 2.0.15 inclusive. Compare the components as integers, not as strings: 2.0.9 lies inside the range even though it sorts after 2.0.15 alphabetically.

Check Version:

1panel version
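The range check above is easy to get wrong by hand or in a string comparison. The following is an added example, not 1Panel project code: it pulls a dotted X.Y.Z version (optionally prefixed with "v") out of dashboard or CLI text and compares it as an integer tuple against the advisory's range. It assumes the tool's output contains such a version string; the sample strings in main() are constructed, not real tool output.

```python
"""Added example (not 1Panel project code): decide whether a reported version
sits inside the CVE-2025-34429 affected range 1.10.33 to 2.0.15 inclusive.

Assumption: the dashboard or `1panel version` output contains a dotted
X.Y.Z version, optionally prefixed with 'v'. The sample strings in main()
are constructed, not real tool output."""
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int]

AFFECTED_MIN: Version = (1, 10, 33)
AFFECTED_MAX: Version = (2, 0, 15)
FIXED: Version = (2, 0, 16)

_VERSION_RE = re.compile(r"\bv?(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text: str) -> Optional[Version]:
    """Pull the first X.Y.Z out of CLI or dashboard text; None if there is none."""
    m = _VERSION_RE.search(text)
    if m is None:
        return None
    major, minor, patch = (int(g) for g in m.groups())
    return (major, minor, patch)


def is_affected(v: Version) -> bool:
    """Compare as integer tuples: a string compare would put '2.0.9' after '2.0.15'."""
    return AFFECTED_MIN <= v <= AFFECTED_MAX


def assess(output: str) -> str:
    """Human-readable verdict for one version string."""
    v = parse_version(output)
    if v is None:
        return "unknown: no version string found"
    dotted = ".".join(map(str, v))
    if is_affected(v):
        return f"VULNERABLE: {dotted} is within 1.10.33-2.0.15; upgrade to 2.0.16 or later"
    if v >= FIXED:
        return f"patched: {dotted} is 2.0.16 or later"
    return f"outside the advisory's range: {dotted} predates 1.10.33; upgrade anyway"


if __name__ == "__main__":
    # Constructed inputs covering both range edges, a mid-range value that
    # a string compare would misjudge, the fix version, and garbage.
    for sample in ("1Panel v2.0.15", "version: 2.0.9", "v2.0.16", "v1.10.33", "1.9.9", "no version here"):
        print(f"{sample!r:20} -> {assess(sample)}")
```

Feed it the real output of the dashboard or CLI on each host; a "VULNERABLE" verdict means the upgrade in the Official Fix section applies.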

Verify Fix Applied:

Confirm the version is 2.0.16 or later. Then, from a logged-in browser session, load a locally served test page on a different origin that submits the port-change request to the panel and confirm the panel rejects it and the port is unchanged; a change made from the panel's own UI should still succeed.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected port configuration changes in 1Panel logs, in particular changes no administrator remembers making
  • Requests to the port-change endpoint whose Origin, Referer or Sec-Fetch-Site header points at another site (visible in reverse-proxy access logs if those headers are logged; unpatched versions issue no CSRF token, so token absence alone is not a signal)

Network Indicators:

  • Unusual port scanning activity targeting non-standard ports
  • HTTP requests from unexpected origins to management interface

SIEM Query:

source="1panel.log" AND "port-change" AND NOT csrf_token=*
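A detection pass over reverse-proxy access logs, added here as an example that is neither 1Panel's own code nor the SIEM query above. It assumes the panel is fronted by nginx with a log_format that appends the Origin and Sec-Fetch-Site request headers, and that the panel's own origin is https://panel.example.com; the endpoint path and every log line below are constructed. Browsers will not forge those two headers on behalf of another site, so a state-changing request carrying a cross-site value is the CSRF pattern regardless of which endpoint it hits, which is why the rule is written generally rather than for one path.

```python
"""Added example (not 1Panel project code): flag cross-site state-changing
requests to the panel in reverse-proxy access logs, the trace a CSRF against
the port-change endpoint leaves behind.

Assumptions (not from the advisory): nginx in front of the panel with a
log_format that appends "$http_origin" "$http_sec_fetch_site" after the
referer, and a panel origin of https://panel.example.com. The endpoint path
and all log lines below are constructed for the example."""
import re
from typing import List, Tuple

PANEL_ORIGIN = "https://panel.example.com"   # assumption: the panel's real origin
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}    # cannot change state if the app is sane

# Constructed nginx-style log_format:
# $remote_addr [$time_local] "$request" $status "$http_referer" "$http_origin" "$http_sec_fetch_site"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) "(?P<referer>[^"]*)" "(?P<origin>[^"]*)" "(?P<site>[^"]*)"$'
)

# Constructed sample log: a legitimate change from the panel UI, a forged
# change from another site, an ordinary page load, and an API client.
SAMPLE_LOG = """\
203.0.113.7 [12/Mar/2025:10:00:50 +0000] "POST /example/port-change HTTP/1.1" 200 "https://panel.example.com/settings" "https://panel.example.com" "same-origin"
203.0.113.7 [12/Mar/2025:10:01:02 +0000] "POST /example/port-change HTTP/1.1" 200 "https://evil.example/" "https://evil.example" "cross-site"
203.0.113.7 [12/Mar/2025:10:01:03 +0000] "GET /settings HTTP/1.1" 200 "-" "-" "none"
198.51.100.4 [12/Mar/2025:10:05:00 +0000] "POST /example/port-change HTTP/1.1" 200 "-" "-" "-"
"""


def classify(line: str) -> Tuple[str, str]:
    """Return (verdict, reason) for one access-log line.

    verdict: 'alert'    state change with cross-site provenance (CSRF pattern)
             'review'   state change with no browser provenance (API client, old browser)
             'ok'       safe method or same-origin state change
             'unparsed' line does not match the expected log_format"""
    m = LINE_RE.match(line)
    if not m:
        return "unparsed", "line does not match the expected log_format"
    f = m.groupdict()
    if f["method"] in SAFE_METHODS:
        return "ok", "safe method"
    # Fetch Metadata is the strongest signal: the browser sets it, the page cannot.
    if f["site"] == "cross-site":
        return "alert", f"Sec-Fetch-Site=cross-site on {f['method']} {f['path']}"
    # Origin is sent on non-GET requests; anything other than our own origin
    # (including the opaque value "null") came from somewhere else.
    if f["origin"] not in ("-", "", PANEL_ORIGIN):
        return "alert", f"Origin {f['origin']} is not {PANEL_ORIGIN} on {f['method']} {f['path']}"
    if f["origin"] in ("-", "") and f["site"] in ("-", ""):
        return "review", f"state change with no browser provenance headers from {f['ip']}"
    return "ok", "same-origin state change"


def scan(log_text: str) -> List[Tuple[str, str, str]]:
    """Scan a whole log; returns (verdict, reason, line) for every non-'ok' line."""
    findings = []
    for line in log_text.splitlines():
        verdict, reason = classify(line)
        if verdict != "ok":
            findings.append((verdict, reason, line))
    return findings


if __name__ == "__main__":
    for verdict, reason, line in scan(SAMPLE_LOG):
        print(f"[{verdict}] {reason}\n    {line}")
```

Correlate an "alert" with a port change recorded by 1Panel at the same time to confirm exploitation; a "review" on its own is usually an automation client and should be matched against known API users.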
