CVE-2025-34429 (CNNVD-202512-1945)
中文标题:
1Panel 跨站请求伪造漏洞
英文标题:
1Panel CSRF Web Port Configuration Change
漏洞描述
中文描述:
1Panel是中国1Panel社区的一个开源的Linux服务器运维管理面板。 1Panel 1.10.33版本至2.0.15版本存在跨站请求伪造漏洞,该漏洞源于Web端口配置功能未实施CSRF防护,可能导致服务中断或拒绝服务。
英文描述:
1Panel versions 1.10.33 - 2.0.15 contain a cross-site request forgery (CSRF) vulnerability in the web port configuration functionality. The port-change endpoint lacks CSRF defenses such as anti-CSRF tokens or Origin/Referer validation. An attacker can craft a malicious webpage that submits a port-change request; when a victim visits it while authenticated, the browser includes valid session cookies and the request succeeds. This allows an attacker to change the port on which the 1Panel web service listens, causing loss of access on the original port and resulting in service disruption or denial of service, and may unintentionally expose the service on an attacker-chosen port.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| LXware | 1Panel | - | ≤ 2.0.15 | - |
cpe:2.3:a:lxware:1panel:*:*:*:*:*:*:*:*
|
| fit2cloud | 1panel | * | - | - |
cpe:2.3:a:fit2cloud:1panel:*:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
CVSS评分详情
4.0 (cna)
HIGHCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2025-34429 |
2025-12-12 03:20:59 | 2026-01-12 02:11:33 |
| NVD | nvd_CVE-2025-34429 |
2025-12-24 03:00:12 | 2026-01-12 02:27:39 |
| CNNVD | cnnvd_CNNVD-202512-1945 |
2026-01-11 06:15:04 | 2026-01-12 02:38:00 |
版本与语言
安全公告
变更历史
查看详细变更
- vulnerability_type: 未提取 -> 跨站请求伪造
- cnnvd_id: 未提取 -> CNNVD-202512-1945
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- affected_products_count: 1 -> 2
- data_sources: ['cve'] -> ['cve', 'nvd']