CVE-2025-53534

Aliases: GHSA-fm3m-jrgm-5ppg, GO-2025-3844
Advisory lineage: Upstream 0, Downstream 2
Deferred
Published: 05 Aug 2025, 20:58
Last modified: 06 Aug 2025, 19:21

Vulnerability Summary

Overall Risk (default)
medium
31/100
CVSS Score
7.7 HIGH
v4.0 (cve.org)
EPSS Score
2.3% LOW
2% probability +1.90%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

05 Aug 2025, 20:58
Published
Vulnerability first disclosed
06 Aug 2025, 19:21
Last Modified
Vulnerability information updated

Description

RatPanel is a server operation and maintenance management panel. In versions 2.3.19 through 2.5.5, an attacker who obtains the backend login path of RatPanel (including but not limited to weak default paths, brute-force cracking, etc.) can execute system commands or take over hosts managed by the panel without logging in. In addition to this remote code execution (RCE) vulnerability, the flawed code also leads to unauthorized access. RatPanel uses the CleanPath middleware provided by the github.com/go-chi/chi package to clean URLs, but the middleware does not process r.URL.Path, which can cause the paths to be misinterpreted. This is fixed in version 2.5.6.

CVSS Metrics

  • v4.0 HIGH, score 7.7: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  • v4.0 HIGH, score 7.7: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

EPSS Trends

Current EPSS score: 2.30% Percentile: 85%

Techniques & Countermeasures

  • CWE-305: Authentication Bypass by Primary Weakness

    The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.

Affected Systems

  • github.com/TheTNB/panel

    ≥ 0.0.0-20241111062800-91ecd04c2700

  • github.com/TheTNB/panelv2

    all

  • github.com/tnb-labs/panel

    < 0.0.0-20250707071915-4985eb2e1f38

  • github.com/tnborg/panel

    ≥ 2.3.19, < 2.5.6 | ≥ 0.0.0-20241111062800-91ecd04c2700, < 0.0.0-20250707071915-4985eb2e1f38

  • tnb-labs/panel

    ≥ 2.3.19, < 2.5.6

References (7)