CVE-2025-54424
Published: 01 August 2025
Summary
CVE-2025-54424 is a high-severity Command Injection (CWE-77) vulnerability in Fit2Cloud 1Panel. Its CVSS base score is 8.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 32.4% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
This vulnerability is AI-related: it is categorised as AI Agent Protocols and Integrations, in the Protocol-Specific Risks risk domain.
The strongest mitigations our analysis identified are NIST 800-53 SC-17 (Public Key Infrastructure Certificates) and SC-8 (Transmission Confidentiality and Integrity).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- SC-17 (Public Key Infrastructure Certificates): Requires cryptographic mechanisms to validate certificates during HTTPS communication, directly mitigating the incomplete certificate verification that enables unauthorized access.
- SC-8 (Transmission Confidentiality and Integrity): Mandates cryptographic mechanisms for transmission confidentiality and integrity, ensuring a proper TLS implementation that includes certificate validation to block unauthorized interface access.
- Flaw remediation: Establishes a risk-based process to identify, prioritize, and remediate flaws such as incomplete certificate verification, preventing RCE exploitation through timely patching.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Bypassing certificate verification gives unauthorized remote access to the 1Panel agent WebSocket interfaces, which in turn permits arbitrary Unix shell command execution (T1059.004), process discovery (T1057), network connections discovery (T1049), and container administration commands (T1609). The entry point is exploitation of the public-facing web management application (T1190).
NVD Description
1Panel is a web interface and MCP Server that manages websites, files, containers, databases, and LLMs on a Linux server. In versions 2.0.5 and below, the HTTPS protocol used for communication between the Core and Agent endpoints has incomplete certificate verification during certificate validation, leading to unauthorized interface access. Due to the presence of numerous command execution or high-privilege interfaces in 1Panel, this results in Remote Code Execution (RCE). This is fixed in version 2.0.6. The CVE has been translated from Simplified Chinese using GitHub Copilot.
Deeper analysis
CVE-2025-54424 is a vulnerability in 1Panel, an open-source web interface and MCP Server designed to manage websites, files, containers, databases, and LLMs on Linux servers. Affecting versions 2.0.5 and below, the issue stems from incomplete certificate verification during HTTPS communication between the Core and Agent endpoints. This flaw enables unauthorized access to the 1Panel interface, which exposes numerous command execution and high-privilege endpoints, ultimately leading to remote code execution (RCE). The vulnerability is classified under CWE-77 (Command Injection) with a CVSS v3.1 base score of 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).
Remote, unauthenticated attackers with network access can exploit this vulnerability despite its high attack complexity. By bypassing certificate validation, they gain unauthorized entry to sensitive interfaces, allowing execution of arbitrary commands on the host Linux server. Successful exploitation grants high-impact confidentiality, integrity, and availability compromises, potentially enabling full server takeover given 1Panel's administrative capabilities over containers, databases, and LLMs.
The vulnerability is addressed in 1Panel version 2.0.6, to which the vendor recommends upgrading immediately. Details on the fix are documented in the GitHub security advisory at https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-8j63-96wh-wh3j, the release notes for v2.0.6 at https://github.com/1Panel-dev/1Panel/releases/tag/v2.0.6, and the associated pull request at https://github.com/1Panel-dev/1Panel/pull/9698/commits/4003284521f8d31ddaf7215d1c30ab8b4cdb0261. No workarounds are specified beyond patching.
Details
- CWE(s): CWE-77 (Command Injection)
- Affected Products: Fit2Cloud 1Panel, versions 2.0.5 and below (fixed in 2.0.6)
AI Security Analysis
- AI Category: AI Agent Protocols and Integrations
- Risk Domain: Protocol-Specific Risks
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: 1Panel is a server management platform that includes LLM management capabilities, making it an 'Other Platforms' category in AI contexts. The vulnerability is a certificate verification bypass in Core-Agent HTTPS communication leading to RCE, affecting the platform's infrastructure used for managing LLMs among other resources.