Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2025-34429
PUBLISHED
More InfoOfficial Page
Assigner-VulnCheck
Assigner Org ID-83251b91-4cc7-4094-a5c7-464a1b83ea10
View Known Exploited Vulnerability (KEV) details
Published At-10 Dec, 2025 | 18:23
Updated At-11 Dec, 2025 | 18:54
Rejected At-
▼CVE Numbering Authority (CNA)
1Panel CSRF Web Port Configuration Change

1Panel versions 1.10.33 - 2.0.15 contain a cross-site request forgery (CSRF) vulnerability in the web port configuration functionality. The port-change endpoint lacks CSRF defenses such as anti-CSRF tokens or Origin/Referer validation. An attacker can craft a malicious webpage that submits a port-change request; when a victim visits it while authenticated, the browser includes valid session cookies and the request succeeds. This allows an attacker to change the port on which the 1Panel web service listens, causing loss of access on the original port and resulting in service disruption or denial of service, and may unintentionally expose the service on an attacker-chosen port.

Affected Products
Vendor
LXware
Product
1Panel
Repo
https://github.com/1Panel-dev/1Panel
Default Status
unknown
Versions
Affected
  • From 1.10.33 through 2.0.15 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-352CWE-352 Cross-Site Request Forgery (CSRF)
Type: CWE
CWE ID: CWE-352
Description: CWE-352 Cross-Site Request Forgery (CSRF)
Metrics
VersionBase scoreBase severityVector
4.07.0HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
Version: 4.0
Base score: 7.0
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
av01t3x
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/1Panel-dev/1Panel/releases
product
https://1panel.pro/
product
https://www.vulncheck.com/advisories/1panel-csrf-web-port-configuration-change
third-party-advisory
Hyperlink: https://github.com/1Panel-dev/1Panel/releases
Resource:
product
Hyperlink: https://1panel.pro/
Resource:
product
Hyperlink: https://www.vulncheck.com/advisories/1panel-csrf-web-port-configuration-change
Resource:
third-party-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found