CISA Warns of Control Web Panel OS Command Injection Vulnerability Exploited in Attacks

Source: Cyber Security News

The Cybersecurity and Infrastructure Security Agency (CISA) has identified a serious OS command injection vulnerability in Control Web Panel (CWP), tracked as CVE-2025-48703. The vulnerability allows unauthorized remote attackers to execute arbitrary commands on CWP installations with only knowledge of a valid non-root username. This low barrier to entry makes the flaw especially concerning and a target for threat actors aiming to compromise exposed systems.

CISA has emphasized the urgency of addressing this vulnerability through immediate action, such as applying the necessary patches and following the guidance tied to compliance requirements like BOD 22-01. CISA added the vulnerability to its Known Exploited Vulnerabilities catalog on November 4, 2025, and the mitigation deadline is set for November 25, 2025, so organizations must act quickly. Security measures include conducting infrastructure audits, monitoring for unusual activity, and reviewing access controls to safeguard against exploitation of this significant threat.
