CISA Warns of Critical Control Web Panel Flaw Threatening Thousands of Linux Servers Worldwide
CISA warns of a critical Control Web Panel (CWP) vulnerability, CVE-2025-48703, affecting Linux servers worldwide, urging organizations to patch systems immediately to prevent remote exploitation, data breaches, and cybersecurity threats.
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent advisory about a new significant vulnerability in Control Web Panel (CWP), a popular Linux-based web hosting control panel that manages servers. The issue, known as CVE-2025-48703, has purportedly been exploited in real-world attacks, causing concern among the cybersecurity community.
CWP, also known as CentOS Web Panel, is widely used by enterprises and hosting providers to streamline server management. This vulnerability allows remote, unauthenticated attackers to run arbitrary commands on unpatched systems. Simply put, an attacker can gain unauthorized access to, and control over, specific operations on a vulnerable server even without the highest level of access. The issue was originally reported to CWP developers in May 2025, and a security patch was released a month later in version 0.9.8.1205. However, many servers remain unpatched, leaving them vulnerable to potential exploitation.
Cybersecurity firm Findsec had previously warned that the issue could be readily exploited and automated by attackers. According to Netlas.io, approximately 150,000 vulnerable Control Web Panel instances are exposed online, with the majority of impacted servers located in the United States (over 37,000), followed by Germany, Japan, India, France, and Canada. Meanwhile, Shodan, a prominent search engine for internet-connected devices, lists over 220,000 CWP servers that are currently online, many of which are potentially vulnerable.
Because of this risk, CISA has added CVE-2025-48703 to its list of Known Exploited Vulnerabilities (KEV) and directed all federal agencies to patch the vulnerability by November 25. This isn't the first time CWP has been exploited; comparable incidents were reported in early 2023. To avoid being targeted, users and businesses should immediately update their Control Web Panel software to the current patched version.
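As an added example (not from the article, CISA, or the CWP project), the Python code below triages a host inventory against the fixed release 0.9.8.1205 named above. The host names and version strings are constructed sample data, and the code assumes CWP versions are dotted numeric strings gathered by your own inventory tooling. It compares versions numerically, because a plain string comparison would wrongly rank 0.9.8.999 above 0.9.8.1205.

```python
import re

# Fixed release named in the article. Everything else here is constructed sample data.
FIXED = (0, 9, 8, 1205)


def parse_version(text):
    """Return a tuple of ints for a dotted numeric version, or None if malformed."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        return None
    return tuple(int(part) for part in text.split("."))


def classify(version_text, fixed=FIXED):
    """Return 'patched', 'unpatched' or 'unknown' for one reported version."""
    version = parse_version(version_text)
    if version is None:
        # Missing or unparsable data must be reviewed, not assumed safe.
        return "unknown"
    # Pad both tuples to the same length so "0.9.9" compares as 0.9.9.0.
    width = max(len(version), len(fixed))
    version += (0,) * (width - len(version))
    fixed += (0,) * (width - len(fixed))
    return "patched" if version >= fixed else "unpatched"


def triage(inventory):
    """Group (host, version) pairs by patch status."""
    report = {"unpatched": [], "unknown": [], "patched": []}
    for host, version_text in inventory:
        report[classify(version_text)].append(host)
    return report


# Constructed inventory (hypothetical hosts and versions).
SAMPLE = [
    ("web01.example.internal", "0.9.8.1204"),
    ("web02.example.internal", "0.9.8.1205"),
    ("web03.example.internal", "0.9.8.999"),   # string compare would call this newer
    ("web04.example.internal", "0.9.9"),
    ("web05.example.internal", ""),            # agent returned nothing
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as unknown belong in the same remediation queue as unpatched ones until their version is confirmed.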
To summarize, the CWP vulnerability (CVE-2025-48703) poses a major danger to thousands of vulnerable systems worldwide. Patching and security monitoring must be done promptly to avoid potential exploitation. To protect their systems and data from cyberattacks, organizations must prioritize updating their Control Web Panel software and comply with CISA's security advisory.
Information referenced in this article is from Security Week