CVE-2025-68954

High CVSS: 7.5

Pterodactyl is a free, open-source game server management panel. Versions 1.11.11 and below do not revoke active SFTP connections when a user is removed from a server instance or has their permissions changes with respect to file access over SFTP. This allows a user that was already connected to SFTP to remain connected and access files even after their permissions are revoked. A user must have been connected to SFTP at the time of their permissions being revoked in order for this vulnerability to be exploited. This issue is fixed in version 1.12.0.

Vendor

Pterodactyl

Product

Panel

CWE

CWE-613

Yayın Tarihi

2026-01-06 01:16:01

Güncelleme

2026-01-12 21:29:12

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-613 Panel HIGH Pterodactyl 2026

Referanslar

https://github.com/pterodactyl/panel/commit/2bd9d8baddb0e0606e4a9d5be402f48678ac88d5 https://github.com/pterodactyl/panel/releases/tag/v1.12.0 https://github.com/pterodactyl/panel/security/advisories/GHSA-8c39-xppg-479c

Benzer Kayıtlar

Critical

CVE-2026-26016

Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Prior to version 1.…

High

CVE-2026-21696

Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Starting in version…

High

CVE-2025-69199

Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Prior to version 1.…

Medium

CVE-2025-69198

Pterodactyl is a free, open-source game server management panel. Pterodactyl implements rate limits that are applied to…

Medium

CVE-2025-69197

Pterodactyl is a free, open-source game server management panel. Versions 1.11.11 and below allow TOTP to be used multip…