Platform: php
Component: panel
Fixed in: 3.9.1
CVE-2025-52562 is a critical Remote Code Execution (RCE) vulnerability in Performave Convoy Panel, a KVM server management panel. The flaw is a directory traversal in the locale and namespace parameters handled by the LocaleController: an attacker can make the application include, and therefore execute, an arbitrary PHP file on the server, which can lead to complete system compromise. Versions 3.9.0-rc.3 through 4.4.0 are affected; the vulnerability is patched in version 4.4.1.
The impact of CVE-2025-52562 is severe. Successful exploitation allows an unauthenticated attacker to execute arbitrary code on the Convoy Panel server, which can lead to complete system takeover, including data exfiltration, modification, or deletion. An attacker could gain access to sensitive server configuration, KVM virtual machine details, and user credentials. Lateral movement is also a significant concern, since a compromised management panel is a natural pivot to the hypervisors and other systems it administers. The blast radius extends to any data or system reachable from the compromised server.
CVE-2025-52562 is listed in CISA's Known Exploited Vulnerabilities (KEV) catalog, and a KEV listing by itself indicates that exploitation has been observed. The CVSS score of 10 (Critical) reflects both the severity of the outcome and the ease of exploitation: the attack is unauthenticated and requires only a crafted HTTP request. Public Proof-of-Concept (PoC) code is likely to emerge given the nature of the flaw. While no specific campaign had been publicly described as of the publication date (2025-06-23), the probability of exploitation should be treated as high.
Exploit status:
EPSS: 1.87% (percentile 83%)
CISA SSVC:
CVSS vector:
The primary mitigation for CVE-2025-52562 is to upgrade Convoy Panel to version 4.4.1 or later immediately. If upgrading is not immediately feasible, deploy strict Web Application Firewall (WAF) rules on the requests that reach the LocaleController, specifically on the locale and namespace parameters. Prefer a positive rule (only allow values that look like a locale or namespace identifier) over a blocklist of traversal patterns: a rule that only blocks the literal sequence "../" misses URL-encoded, double-encoded, and backslash variants. Treat the WAF as a stopgap, not a fix, and add input validation and sanitization in the LocaleController itself so that a request cannot select a file outside the translations directory. After upgrading, confirm the fix by attempting to trigger the vulnerability with a crafted HTTP request and verifying that it no longer succeeds.
Update Convoy Panel to version 4.4.1 or later. As a temporary alternative, implement strict Web Application Firewall (WAF) rules for incoming requests directed at the vulnerable endpoints.
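The validation described above, as an added example that is not Convoy Panel's code and not the code that was actually vulnerable: a simplified stand-in for a translation-loading endpoint that builds a file path from `locale` and `namespace` request parameters. The unsafe variant shows the general shape of the bug class (request input concatenated into an `include` path); the hardened variant allowlists the two parameters syntactically, then resolves the path with `realpath()` and checks that it is still contained in the translations directory. The directory layout, function names, and parameter shapes are assumptions for the illustration.

```php
<?php
// Added illustration, not Convoy Panel's code. The directory layout
// (LANG_DIR/<locale>/<namespace>.php), the function names and the
// accepted identifier shapes are assumptions for this example.
declare(strict_types=1);

const LANG_DIR = __DIR__ . '/lang';

// UNSAFE pattern: request parameters are concatenated straight into an
// include path. A locale of "../../uploads" or a namespace that names a
// PHP file somewhere else on disk walks out of LANG_DIR and executes it.
function loadTranslationsUnsafe(string $locale, string $namespace): array
{
    $path = LANG_DIR . '/' . $locale . '/' . $namespace . '.php';
    return include $path; // local file inclusion, do not use
}

// Step 1: syntactic allowlist. Only the shapes a locale ("en", "fr_FR")
// or a namespace ("messages", "auth-errors") can legitimately have are
// accepted; everything else is rejected before the filesystem is touched.
// The same two patterns can be used as positive-match WAF rules on the
// parameters while a patch is pending.
function isValidLocale(string $locale): bool
{
    return preg_match('/\A[a-z]{2,3}(?:_[A-Z]{2})?\z/', $locale) === 1;
}

function isValidNamespace(string $namespace): bool
{
    return preg_match('/\A[a-z][a-z0-9_-]{0,63}\z/', $namespace) === 1;
}

// Step 2: containment check after resolution. realpath() collapses ".."
// and follows symlinks, so the check is done on the canonical path, and
// the file must be a direct child of the locale directory, which must in
// turn be a direct child of LANG_DIR.
function loadTranslationsHardened(string $locale, string $namespace): array
{
    if (!isValidLocale($locale) || !isValidNamespace($namespace)) {
        throw new InvalidArgumentException('invalid locale or namespace');
    }

    $base = realpath(LANG_DIR);
    $localeDir = realpath($base . '/' . $locale);
    if ($base === false || $localeDir === false || dirname($localeDir) !== $base) {
        throw new RuntimeException('unknown locale');
    }

    $file = realpath($localeDir . '/' . $namespace . '.php');
    if ($file === false || dirname($file) !== $localeDir || !is_file($file)) {
        throw new RuntimeException('unknown namespace');
    }

    $data = include $file;
    return is_array($data) ? $data : [];
}

// Demonstration of the syntactic allowlist against constructed inputs:
// traversal attempts, encoded variants left unresolved by the WAF, and
// null-byte tricks all fail step 1 regardless of what exists on disk.
$samples = [
    ['en', 'messages'],               // legitimate
    ['fr_FR', 'auth-errors'],         // legitimate
    ['../../uploads', 'shell'],       // traversal in locale
    ['en', '../../../etc/passwd'],    // traversal in namespace
    ['en', '..%2f..%2fshell'],        // URL-encoded traversal
    ["en\0", 'messages'],             // null byte
];
foreach ($samples as [$l, $n]) {
    $ok = isValidLocale($l) && isValidNamespace($n);
    printf("%-10s %-22s %s\n", addcslashes($l, "\0"), $n, $ok ? 'accepted' : 'rejected');
}
```

The two-step design matters: the allowlist alone would be enough in this layout, but the `realpath()` containment check also covers the case where an allowed-looking locale directory is a symlink pointing outside the translations tree, and it keeps the loader safe if the accepted patterns are later relaxed.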
It is a critical Remote Code Execution (RCE) vulnerability in Performave Convoy Panel: a directory traversal in the locale and namespace parameters lets an unauthenticated attacker include and execute an arbitrary PHP file on your server.
You are affected if you run Convoy Panel versions 3.9.0-rc.3 through 4.4.0. Check your installed version immediately.
Upgrade to Convoy Panel version 4.4.1 or later. As a temporary workaround, implement strict WAF rules that only allow well-formed locale and namespace values on the affected endpoints.
No specific campaign has been publicly described yet, but the CVSS score of 10 and the KEV listing mean exploitation should be expected.
Refer to the Performave security advisory and the NVD entry for CVE-2025-52562 for detailed information.