CVE-2025-53534

RatPanel is a server operation and maintenance management panel. In versions 2.3.19 through 2.5.5, when an attacker obtains the backend login path of RatPanel (including but not limited to weak default paths, brute-force cracking, etc.), they can execute system commands or take over hosts managed by the panel without logging in. In addition to this remote code execution (RCE) vulnerability, the flawed code also leads to unauthorized access. RatPanel uses the CleanPath middleware provided by github.com/go-chi/chi package to clean URLs, but but the middleware does not process r.URL.Path, which can cause the paths to be misinterpreted. This is fixed in version 2.5.6.

CVSS

No CVSS.

References

Link	Resource
https://github.com/tnborg/panel/commit/ed5c74c7534230ba685273504af4c1e1e3598ff1
https://github.com/tnborg/panel/releases/tag/v2.5.6
https://github.com/tnborg/panel/security/advisories/GHSA-fm3m-jrgm-5ppg
https://github.com/tnborg/panel/security/advisories/GHSA-fm3m-jrgm-5ppg

Configurations

No configuration.

History

06 Aug 2025, 20:23

Type	Values Removed	Values Added
References	~~() https://github.com/tnborg/panel/security/advisories/GHSA-fm3m-jrgm-5ppg -~~	() https://github.com/tnborg/panel/security/advisories/GHSA-fm3m-jrgm-5ppg -
Summary		(es) RatPanel es un panel de gestión de operaciones y mantenimiento de servidores. En las versiones 2.3.19 a 2.5.5, cuando un atacante obtiene la ruta de acceso del backend de RatPanel (incluyendo, entre otras, rutas predeterminadas débiles, ataques de fuerza bruta, etc.), puede ejecutar comandos del sistema o tomar el control de los hosts administrados por el panel sin iniciar sesión. Además de esta vulnerabilidad de ejecución remota de código (RCE), el código defectuoso también permite accesos no autorizados. RatPanel utiliza el middleware CleanPath, proporcionado por el paquete github.com/go-chi/chi, para limpiar las URL, pero este middleware no procesa r.URL.Path, lo que puede provocar la malinterpretación de las rutas. Esto se solucionó en la versión 2.5.6.

05 Aug 2025, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-05 21:15

Updated : 2025-08-06 20:23

NVD link : CVE-2025-53534

Mitre link : CVE-2025-53534

CVE.ORG link : CVE-2025-53534

JSON object : View

Products Affected

No product.

CWE

CWE-305

Authentication Bypass by Primary Weakness

{"id": "CVE-2025-53534", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-08-05T21:15:38.897", "references": [{"url": "https://github.com/tnborg/panel/commit/ed5c74c7534230ba685273504af4c1e1e3598ff1", "source": "security-advisories@github.com"}, {"url": "https://github.com/tnborg/panel/releases/tag/v2.5.6", "source": "security-advisories@github.com"}, {"url": "https://github.com/tnborg/panel/security/advisories/GHSA-fm3m-jrgm-5ppg", "source": "security-advisories@github.com"}, {"url": "https://github.com/tnborg/panel/security/advisories/GHSA-fm3m-jrgm-5ppg", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-305"}]}], "descriptions": [{"lang": "en", "value": "RatPanel is a server operation and maintenance management panel. In versions 2.3.19 through 2.5.5, when an attacker obtains the backend login path of RatPanel (including but not limited to weak default paths, brute-force cracking, etc.), they can execute system commands or take over hosts managed by the panel without logging in. In addition to this remote code execution (RCE) vulnerability, the flawed code also leads to unauthorized access. RatPanel uses the CleanPath middleware provided by github.com/go-chi/chi package to clean URLs, but but the middleware does not process r.URL.Path, which can cause the paths to be misinterpreted. This is fixed in version 2.5.6."}, {"lang": "es", "value": "RatPanel es un panel de gesti\u00f3n de operaciones y mantenimiento de servidores. En las versiones 2.3.19 a 2.5.5, cuando un atacante obtiene la ruta de acceso del backend de RatPanel (incluyendo, entre otras, rutas predeterminadas d\u00e9biles, ataques de fuerza bruta, etc.), puede ejecutar comandos del sistema o tomar el control de los hosts administrados por el panel sin iniciar sesi\u00f3n. Adem\u00e1s de esta vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo (RCE), el c\u00f3digo defectuoso tambi\u00e9n permite accesos no autorizados. RatPanel utiliza el middleware CleanPath, proporcionado por el paquete github.com/go-chi/chi, para limpiar las URL, pero este middleware no procesa r.URL.Path, lo que puede provocar la malinterpretaci\u00f3n de las rutas. Esto se solucion\u00f3 en la versi\u00f3n 2.5.6."}], "lastModified": "2025-08-06T20:23:52.133", "sourceIdentifier": "security-advisories@github.com"}