CVE-2025-34410 in 1Panelinfo

Zusammenfassung

von MITRE • 10.12.2025

1Panel versions 1.10.33 - 2.0.15 contain a cross-site request forgery (CSRF) vulnerability in the Change Username functionality available from the settings panel (/settings/panel). The endpoint does not implement CSRF protections such as anti-CSRF tokens or Origin/Referer validation. An attacker can craft a malicious webpage that submits a username-change request; when a victim visits the page while authenticated, the browser includes valid session cookies and the request succeeds. This allows an attacker to change the victim’s 1Panel username without consent. After the change, the victim is logged out and unable to log in with the previous username, resulting in account lockout and denial of service.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Zuständig

VulnCheck

Reservieren

15.04.2025

Veröffentlichung

10.12.2025

Moderieren

akzeptiert

Eintrag

VDB-335618

CPE

bereit

CWE

CWE-352 (bestätigt)

CVSS

7.1 (NVD)

EPSS

0.00041

KEV

nein

Aktivitäten

very low

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2025-34410
NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-34410
CVE Details	https://www.cvedetails.com/cve/CVE-2025-34410/

◂ Zurück Übersicht Weiter ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!