Platform: php
Component: panel
Fixed in: 3.9.1
CVE-2025-52562 is a critical Remote Code Execution (RCE) vulnerability affecting Performave Convoy Panel, a KVM server management panel. An attacker can exploit this flaw to include and execute arbitrary PHP files on the server, potentially leading to complete system compromise. This vulnerability impacts versions 3.9.0-rc.3 through 4.4.0. The vulnerability has been patched in version 4.4.1.
The impact of CVE-2025-52562 is severe. Successful exploitation allows an unauthenticated attacker to execute arbitrary code on the Convoy Panel server. This could lead to complete system takeover, including data exfiltration, modification, or deletion. An attacker could potentially gain access to sensitive server configurations, KVM virtual machine details, and user credentials. Lateral movement within the network is also a significant concern, as the attacker could leverage the compromised Convoy Panel to target other systems. The blast radius extends to any data or systems accessible from the compromised server.
CVE-2025-52562 is listed on KEV (Kernel Exploit Visibility Database), indicating a higher probability of exploitation. The CVSS score of 10 (Critical) reflects the severity of the vulnerability and the ease of exploitation. Public Proof-of-Concept (POC) code is likely to emerge given the vulnerability's nature and the critical CVSS score. While no active campaigns have been publicly reported as of the publication date (2025-06-23), the potential for exploitation remains high.
Exploit Status
EPSS: 1.87% (83rd percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-52562 is to immediately upgrade Convoy Panel to version 4.4.1 or later. If upgrading is not immediately feasible, implement strict Web Application Firewall (WAF) rules to filter incoming requests, specifically targeting malicious locale and namespace parameters. These rules should block any requests containing suspicious characters or patterns that could indicate an attempt to exploit the directory traversal vulnerability. Consider implementing input validation and sanitization on the LocaleController component to prevent malicious input from being processed. After upgrading, confirm the fix by attempting to trigger the vulnerability with a crafted HTTP request and verifying that it is blocked.
Update Convoy Panel to version 4.4.1 or later. As a temporary workaround, implement strict Web Application Firewall (WAF) rules for incoming requests aimed at the vulnerable endpoints.
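As an added example (not code from Performave or this advisory), the following script shows the kind of allowlist check the mitigation above describes, applied both as a validator for `locale` and `namespace` values and as a scan over web-server access logs to find requests that would have been rejected. The endpoint path and log lines are constructed placeholders; the check is keyed on the parameter names, not on any real Convoy route.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumed allowlists (not Convoy's own rules): a locale looks like "en" or
# "pt_BR"; a namespace is a single identifier with no path characters at all.
LOCALE_RE = re.compile(r"^[a-z]{2,3}(?:[_-][A-Za-z]{2,4})?$")
NAMESPACE_RE = re.compile(r"^[A-Za-z0-9_]{1,64}$")
WATCHED_PARAMS = {"locale": LOCALE_RE, "namespace": NAMESPACE_RE}

# Minimal parser for Apache/nginx combined-format lines (enough for the samples).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)

def is_suspicious(name: str, value: str) -> bool:
    """True unless the value is exactly an allowed identifier.
    The value is decoded once more here so double-encoded traversal
    (e.g. %252e%252e%252f) is not missed after the first decode."""
    value = unquote(value)
    if any(bad in value for bad in ("\x00", "/", "\\", "..")):
        return True
    return WATCHED_PARAMS[name].fullmatch(value) is None

def scan_access_log(lines):
    """Return (client_ip, request_target, parameter) for every request whose
    locale or namespace parameter fails the allowlist. Unparsable lines are skipped."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        query = parse_qs(urlsplit(m["target"]).query, keep_blank_values=True)  # decodes once
        for name in WATCHED_PARAMS:
            for raw in query.get(name, []):
                if is_suspicious(name, raw):
                    hits.append((m["ip"], m["target"], name))
    return hits

# Constructed sample log; /locales is a placeholder path, not a real Convoy route.
SAMPLE_LOG = [
    '203.0.113.10 - - [23/Jun/2025:10:00:00 +0000] "GET /locales?locale=en&namespace=panel HTTP/1.1" 200 512',
    '198.51.100.7 - - [23/Jun/2025:10:00:05 +0000] "GET /locales?locale=..%2F..%2Fstorage%2Flogs&namespace=panel HTTP/1.1" 200 77',
    '198.51.100.7 - - [23/Jun/2025:10:00:09 +0000] "GET /locales?locale=en&namespace=%2e%2e%252f%2e%2e HTTP/1.1" 404 0',
    '203.0.113.10 - - [23/Jun/2025:10:00:12 +0000] "GET /api/servers HTTP/1.1" 200 2048',
    "not a log line",
]

if __name__ == "__main__":
    for ip, target, param in scan_access_log(SAMPLE_LOG):
        print(f"{ip} rejected {param} in {target}")
```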
It's a critical Remote Code Execution (RCE) vulnerability in Performave Convoy Panel, allowing attackers to execute code on your server.
You are affected if you're running Convoy Panel versions 3.9.0-rc.3 through 4.4.0. Check your version immediately.
Upgrade to Convoy Panel version 4.4.1. As a temporary workaround, implement strict WAF rules to block malicious requests.
No active campaigns are publicly known yet, but the high CVSS score and KEV listing suggest a high exploitation probability.
Refer to the Performave security advisory and the NVD entry for CVE-2025-52562 for detailed information.