CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Nov 25, 2025

CVE-2025-48703

High

EPSS 46.4%CISA KEV

CWP/Control Web Panel

Description

CWP Control Web Panel (formerly CentOS Web Panel) contains an OS command Injection vulnerability that allows unauthenticated remote code execution via shell metacharacters in the t_total parameter in a filemanager changePerm request. A valid non-root username must be known.

EPSS — Exploit Probability

46.4%

Higher than 97.6% of all CVEs

Required Action

https://control-webpanel.com/changelog ; https://nvd.nist.gov/vuln/detail/CVE-2025-48703

Risk Assessment

ELEVATED

In CISA KEV

Details

Severity: High
EPSS: 46.4%
CISA KEV: Yes
Ransomware: Unknown
Articles: 0

Timeline

Published

Nov 4, 2025

Added to KEV

Nov 4, 2025

Remediation Due

Nov 25, 2025

Affected Product

CWP

Control Web Panel

View all CWP CVEs

External Links

NVD (NIST)CVE Details MITRE CVE