Cyber Posture

CVE-2025-25871

Severity: High · Public PoC

Published: 14 March 2025
Modified: 03 April 2025
KEV Added: not listed
Patch: available (Open Panel 0.3.5 or later)
CVSS Score: 8.0 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0029 (52.4th percentile)
Risk Priority: 16 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-25871 is a high-severity Improper Preservation of Permissions (CWE-281) vulnerability in Openpanel Openpanel. Its CVSS base score is 8.0 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE is ranked in the top 47.6% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

SI-2 Flaw Remediation (prevent): Directly mitigates CVE-2025-25871 by requiring timely remediation of the privilege escalation flaw through patching to Open Panel v0.3.5 or later.

AC-6 Least Privilege (prevent): Enforces least privilege to restrict low-privileged remote attackers from successfully escalating via the Fix Permissions function.

Access enforcement (prevent): Requires enforcement of approved access authorizations, addressing the improper preservation of permissions (CWE-281) in the vulnerable function.

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

T1190 Exploit Public-Facing Application (tactic: Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why these techniques?

The CVE explicitly describes a remote privilege escalation vulnerability in the Fix Permissions function of a public-facing web control panel (Open Panel), directly enabling exploitation of public-facing applications (T1190) and exploitation for privilege escalation (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

An issue in Open Panel v.0.3.4 allows a remote attacker to escalate privileges via the Fix Permissions function

Deeper analysis

CVE-2025-25871 is a privilege escalation vulnerability affecting Open Panel version 0.3.4. The flaw resides in the Fix Permissions function, which allows a remote attacker to elevate their privileges. Published on 2025-03-14, it carries a CVSS v3.1 base score of 8.0 (AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H) and maps to CWE-281 (Improper Preservation of Permissions).

A remote attacker with low privileges can exploit the vulnerability over the network with low attack complexity, though it requires user interaction. Successful exploitation results in high impacts to confidentiality, integrity, and availability, specifically enabling privilege escalation.

The OpenPanel changelog for version 0.3.5 references security fixes addressing this issue, indicating that upgrading to 0.3.5 mitigates the vulnerability. Further details are provided in advisories hosted on PacketStorm.

Details

CWE(s): CWE-281 (Improper Preservation of Permissions)

Affected Products: openpanel (vendor) / openpanel (product) / 0.3.4 (version)

CVEs Like This One

CVE-2024-53582: same product (Openpanel Openpanel)
CVE-2024-53537: same product (Openpanel Openpanel)
CVE-2024-53584: same product (Openpanel Openpanel)
CVE-2024-55507: shared CWE-281
CVE-2024-56973: shared CWE-281
CVE-2025-30456: shared CWE-281
CVE-2025-30449: shared CWE-281
CVE-2025-25711: shared CWE-281
CVE-2024-56192: shared CWE-281
CVE-2025-31184: shared CWE-281

References