CVE-2025-56413

High CVSS: 8.8

OS Command injection vulnerability in function OperateSSH in 1panel 2.0.8 allowing attackers to execute arbitrary commands via the operation parameter to the /api/v2/hosts/ssh/operate endpoint.

Vendor

Fit2cloud

Product

1panel

CWE

CWE-78

Yayın Tarihi

2025-09-10 14:15:39

Güncelleme

2025-11-18 17:41:44

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-78 1panel HIGH Fit2cloud 2025

Referanslar

https://github.com/August829/CVEP/issues/5 https://github.com/August829/Yu/blob/main/20250812_1.md

Benzer Kayıtlar

High

CVE-2026-32949

SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a Se…

High

CVE-2026-32950

SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a cr…

High

CVE-2026-32622

SQLBot is an intelligent data query system based on a large language model and RAG. Versions 1.5.0 and below contain a S…

Medium

CVE-2026-31798

JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v4.10.16-lts,…

Medium

CVE-2026-31864

JumpServer is an open source bastion host and an operation and maintenance security audit system. a Server-Side Template…

Medium

CVE-2025-15598

A vulnerability was found in Dataease SQLBot up to 1.5.1. This impacts the function validateEmbedded of the file backend…