Platform: php
Component: pterodactyl/panel
Fixed in: 1.12.1, 1.12.0
CVE-2025-69197 is a security vulnerability affecting Pterodactyl Panel versions up to 1.9.2. The flaw allows an attacker who already holds a user's valid username and password to bypass two-factor authentication (2FA) by re-using an intercepted token within its validity window. The vulnerability was published on 2026-01-06 and a fix is available in version 1.12.0.
This vulnerability presents a significant risk to Pterodactyl Panel deployments that rely on 2FA for user authentication. An attacker who can observe a valid 2FA token, for example during a screen share or through network sniffing, can combine it with already-known credentials to gain unauthorized access to the account. This bypass negates the additional protection 2FA is meant to provide and can lead to complete account compromise, including control over the game servers and other resources managed within the panel. Because the attack requires prior knowledge of a valid username/password combination, its scope is limited, but it still poses a serious threat.
CVE-2025-69197 is not currently listed on CISA's KEV catalog. The EPSS score is expected to be low to medium, since exploitation requires both valid credentials and interception of a live token, which makes widespread exploitation campaigns unlikely. No public proof-of-concept (PoC) code is available yet, although the nature of the flaw suggests that exploitation would be relatively straightforward once one exists. The vulnerability was published on 2026-01-06.
Exploit Status
EPSS: 0.01% (3rd percentile)
CISA SSVC:
CVSS Vector:
The primary mitigation for CVE-2025-69197 is to upgrade Pterodactyl Panel to version 1.12.0 or later, which includes the fix. If an immediate upgrade is not feasible, consider temporary workarounds such as shortening the token validity window to reduce the time in which an intercepted token can be replayed. Monitor panel logs for suspicious login attempts and unusual activity, in particular repeated 2FA submissions for the same account from different sources. A WAF cannot directly prevent this flaw, but it can be configured to detect and block suspicious login patterns. After upgrading, confirm the fix by submitting a previously used 2FA token together with valid credentials: the panel should reject it.
Update Pterodactyl Panel to version 1.12.0 or higher. This version corrects the vulnerability that allows TOTP tokens to be reused during their validity window: once a token has been accepted, the same token can no longer be used a second time, so an intercepted token no longer grants access.
CVE-2025-69197 is a medium severity vulnerability in Pterodactyl Panel versions ≤v1.9.2 that allows attackers to bypass 2FA by re-using intercepted tokens with valid credentials.
You are affected if you are running Pterodactyl Panel version 1.9.2 or earlier and have 2FA enabled. Upgrade to 1.12.0 to resolve this.
Upgrade Pterodactyl Panel to version 1.12.0 or later. As a temporary workaround, shorten the token validity window.
There are no confirmed reports of active exploitation at this time, but the vulnerability's nature makes it a potential target.
Refer to the official Pterodactyl Panel security advisories on their website or GitHub repository for the latest information.