Platform
go
Component
github.com/donknap/dpanel
Fixed in
1.9.3
1.9.2
CVE-2025-66292 describes an arbitrary file deletion vulnerability discovered in DPanel, a Go-based control panel. This vulnerability allows an attacker to delete files on the server, potentially leading to data loss or system compromise. The vulnerability exists in the /api/common/attach/delete interface and affects versions of DPanel prior to 1.9.2. A fix has been released in version 1.9.2.
The arbitrary file deletion vulnerability in DPanel poses a significant risk to system integrity and data confidentiality. An attacker exploiting this flaw could delete critical system files, configuration files, or user data, leading to denial of service or complete system failure. The ability to delete arbitrary files also allows for potential privilege escalation, as an attacker could remove files necessary for access control or authentication. The blast radius extends to any data stored on the server accessible through the vulnerable interface. While no specific real-world exploitation has been publicly reported, the ease of exploitation makes it a high-priority concern.
CVE-2025-66292 is not currently listed on the CISA KEV catalog. The EPSS score is likely to be medium, given the vulnerability's ease of exploitation and potential impact. Public proof-of-concept (PoC) code is currently unavailable, but the vulnerability's nature suggests it could be easily exploited. The vulnerability was publicly disclosed on 2026-01-23.
Organizations running DPanel, particularly those hosting websites or applications with sensitive data, are at risk. Shared hosting environments utilizing DPanel are especially vulnerable, as a compromise of one user's account could potentially impact other users on the same server. Legacy DPanel installations with outdated configurations are also at increased risk.
• go / server: Inspect DPanel logs for suspicious requests to /api/common/attach/delete with unusual parameters. Monitor file system integrity for unexpected deletions.
journalctl -u dpanel | grep '/api/common/attach/delete'
• generic web: Monitor access logs for requests to /api/common/attach/delete originating from unusual IP addresses or user agents.
grep '/api/common/attach/delete' /var/log/apache2/access.log
Disclosure
Exploit status
EPSS
0.05% (16th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-66292 is to immediately upgrade DPanel to version 1.9.2 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds. Restrict access to the /api/common/attach/delete endpoint using a web application firewall (WAF) or reverse proxy, enforcing strict input validation and access controls. Monitor system logs for suspicious file deletion activity, particularly targeting sensitive directories. Implement file integrity monitoring (FIM) to detect unauthorized modifications. After upgrading, verify the fix by attempting to access the /api/common/attach/delete endpoint with invalid or malicious parameters and confirming that file deletion is prevented.
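The access-log check from the detection guidance above and the log monitoring recommended in the mitigation, as an added Go example that is not part of this advisory or of DPanel's own code: it parses combined-format access log lines, keeps only requests to /api/common/attach/delete, and flags those from addresses outside an administrator allowlist or with a non-browser user agent. The log lines, IP addresses, query parameters and the allowlist are constructed assumptions.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Constructed Apache combined-format access log lines (sample data, not real traffic).
const sampleLog = `10.0.0.5 - - [23/Jan/2026:10:01:02 +0000] "GET /api/common/attach/list HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.5 - - [23/Jan/2026:10:01:09 +0000] "POST /api/common/attach/delete?name=report.pdf HTTP/1.1" 200 21 "-" "Mozilla/5.0"
203.0.113.7 - - [23/Jan/2026:10:02:41 +0000] "POST /api/common/attach/delete?name=etc-config HTTP/1.1" 200 21 "-" "curl/8.4.0"
203.0.113.7 - - [23/Jan/2026:10:02:43 +0000] "POST /api/common/attach/delete?name=app-db HTTP/1.1" 200 21 "-" "curl/8.4.0"`

// Hit is one request to the vulnerable endpoint.
type Hit struct {
	IP, Method, Query, UserAgent string
	Suspicious                  bool
}

// Combined log format: ip ident user [time] "method path proto" status size "referer" "agent".
var lineRe = regexp.MustCompile(`^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" \d+ \S+ "[^"]*" "([^"]*)"`)

// FindDeleteRequests returns every request to /api/common/attach/delete in log.
// A hit is marked suspicious when its source IP is not in knownAdmins (an assumed
// allowlist of administrator addresses) or its user agent is not a browser.
func FindDeleteRequests(log string, knownAdmins map[string]bool) []Hit {
	var hits []Hit
	for _, line := range strings.Split(log, "\n") {
		m := lineRe.FindStringSubmatch(line)
		if m == nil {
			continue // not a parseable access log line
		}
		path, query, _ := strings.Cut(m[3], "?")
		if path != "/api/common/attach/delete" {
			continue
		}
		h := Hit{IP: m[1], Method: m[2], Query: query, UserAgent: m[4]}
		h.Suspicious = !knownAdmins[h.IP] || !strings.HasPrefix(h.UserAgent, "Mozilla/")
		hits = append(hits, h)
	}
	return hits
}

func main() {
	for _, h := range FindDeleteRequests(sampleLog, map[string]bool{"10.0.0.5": true}) {
		fmt.Printf("%-12s %s ?%s ua=%q suspicious=%v\n", h.IP, h.Method, h.Query, h.UserAgent, h.Suspicious)
	}
}
```

Feed it real access logs and a tallied per-IP count of suspicious hits makes an unusual source stand out immediately; the same filter applies to `journalctl -u dpanel` output once the request line is extracted.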
Upgrade DPanel to version 1.9.2 or later. This version fixes the arbitrary file deletion vulnerability. The update can be performed by downloading the new version from the official repository and replacing the existing files.
CVE-2025-66292 is a vulnerability in DPanel allowing attackers to delete arbitrary files. It has a CVSS score of 8.1 (HIGH) and affects versions before 1.9.2.
You are affected if you are running DPanel version 1.9.2 or earlier. Check your DPanel version and upgrade immediately if necessary.
Upgrade DPanel to version 1.9.2 or later. As a temporary workaround, restrict access to the /api/common/attach/delete endpoint using a WAF or proxy.
There is currently no evidence of active exploitation, but the vulnerability's ease of exploitation warrants prompt patching.
Refer to the DPanel official website and GitHub repository for the latest security advisories and patch releases.