Platform: php
Component: pterodactyl/panel
Fixed in: 1.12.1, 1.12.0
CVE-2025-69197 is a security vulnerability affecting Pterodactyl Panel versions up to 1.9.2. The flaw allows an attacker who already holds a valid username and password to bypass two-factor authentication (2FA) by re-using an intercepted token. The vulnerability was published on 2026-01-06 and a fix is available in version 1.12.0.
This vulnerability presents a significant risk to Pterodactyl Panel deployments that rely on 2FA for user authentication. An attacker who already holds valid credentials and can intercept a valid 2FA token, for example during a screen share or through network sniffing, can gain unauthorized access to the account without otherwise possessing the second factor. This bypass effectively negates the security benefit of 2FA, potentially leading to complete account compromise and control over the game servers or other resources managed within the panel. Because the attack requires prior knowledge of a valid username/password combination, its scope is limited, but it still poses a serious threat.
CVE-2025-69197 is not currently listed on KEV. The EPSS score is likely low to medium, given the requirement for both valid credentials and token interception, which makes widespread exploitation campaigns less likely. Public proof-of-concept (PoC) code is not yet available, but the nature of the vulnerability suggests it could be relatively straightforward to exploit once a PoC is developed.
Pterodactyl Panel deployments utilizing 2FA are at risk, particularly those running versions prior to 1.12.0. Shared hosting environments where multiple users share the same panel instance are especially vulnerable, as a compromise of one user account could potentially expose others. Organizations relying on Pterodactyl Panel for critical game server management should prioritize patching.
• php: Examine Pterodactyl Panel logs for repeated login attempts with the same token, especially if they follow a pattern of a successful login followed by an immediate failure.
grep '2FA token reused' /path/to/pterodactyl/logs/login.log
• generic web: Monitor access logs for unusual login patterns, such as a high volume of login attempts from a single IP address within a short timeframe.
grep "login successful" /var/log/apache2/access.log | awk '{print $1}' | sort | uniq -c | sort -nr | head -10
Exploit status
EPSS: 0.01% (percentile 3%)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-69197 is to upgrade Pterodactyl Panel to version 1.12.0 or later, which includes the fix for this vulnerability. If an immediate upgrade is not feasible, consider implementing temporary workarounds such as shortening the token validity window to minimize the attack window. Monitor panel logs for suspicious login attempts and unusual activity. While a WAF cannot directly prevent this, it can be configured to detect and block suspicious login patterns. After upgrading, confirm the fix by attempting to replay a previously captured 2FA token with valid credentials – it should be rejected.
Update Pterodactyl Panel to version 1.12.0 or later. This version fixes the vulnerability that allows TOTP tokens to be reused during their validity window, so an attacker who intercepts a valid 2FA token can no longer replay it to access the account.
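To illustrate the defensive property the fix restores, here is an added example (not Pterodactyl's code) of a TOTP verifier that records the last accepted time-step per user and rejects any code at or before it, which is the standard RFC 6238 replay countermeasure; the user name, secret and timestamps are constructed for the demonstration.

```python
import base64
import hashlib
import hmac
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamically truncated."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


class TotpVerifier:
    """TOTP check that refuses to accept a code for a time-step already consumed."""

    def __init__(self, step: int = 30, window: int = 1):
        self.step = step          # RFC 6238 time-step length in seconds
        self.window = window      # accepted clock drift, in steps, either side of now
        self.last_used = {}       # user -> last accepted time-step counter

    def verify(self, user: str, secret: bytes, code: str, now: float = None) -> bool:
        now = time.time() if now is None else now
        current = int(now // self.step)
        for delta in range(-self.window, self.window + 1):
            counter = current + delta
            if hmac.compare_digest(hotp(secret, counter), code):
                # Replay guard: a matching code whose step is not newer than the
                # last accepted one is rejected, even though it is still "valid".
                if counter <= self.last_used.get(user, -1):
                    return False
                self.last_used[user] = counter
                return True
        return False


if __name__ == "__main__":
    # Constructed demo values: a base32 seed and a fixed clock.
    seed = base64.b32decode("JBSWY3DPEHPK3PXP")
    t0 = 1_700_000_000
    v = TotpVerifier()
    code = hotp(seed, t0 // v.step)
    print("first use:", v.verify("alice", seed, code, now=t0))    # True
    print("replayed:", v.verify("alice", seed, code, now=t0 + 10))  # False
```

The second call fails even though the replayed code still falls inside the 30-second window, which is exactly the reuse the vulnerable versions allowed.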
CVE-2025-69197 is a medium severity vulnerability in Pterodactyl Panel versions 1.9.2 and earlier that allows attackers holding valid credentials to bypass 2FA by re-using intercepted tokens.
You are affected if you are running Pterodactyl Panel version 1.9.2 or earlier and have 2FA enabled. Upgrade to 1.12.0 to resolve this.
Upgrade Pterodactyl Panel to version 1.12.0 or later. As a temporary workaround, shorten the token validity window.
There are no confirmed reports of active exploitation at this time, but the vulnerability's nature makes it a potential target.
Refer to the official Pterodactyl Panel security advisories on their website or GitHub repository for the latest information.