CVE-2018-25117 in Control Panel情報

要約

〜によって MITRE • 2025年10月15日

VestaCP commit a3f0fa1 (2018-05-31) up to commit ee03eff (2018-06-13) contain embedded malicious code that resulted in a supply-chain compromise. New installations created from the compromised installer since at least May 2018 were subject to installation of Linux/ChachaDDoS, a multi-stage DDoS bot that uses Lua for second- and third-stage components. The compromise leaked administrative credentials (base64-encoded admin password and server domain) to an external URL during installation and/or resulted in the installer dropping and executing a DDoS malware payload under local system privileges. Compromised servers were subsequently observed participating in large-scale DDoS activity. Vesta acknowledged exploitation in the wild in October 2018.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

責任者

VulnCheck

予約する

2025年10月14日

モデレーション

承諾済み

エントリ

VDB-328611

EPSS

0.00411

アクティビティ

非常低い

ソース

Do you want to use VulDB in your project?

Use the official API to access entries easily!