CVE-2025-67888 Overview
CVE-2025-67888 is an unauthenticated OS command injection vulnerability in Control Web Panel (CWP) versions before 0.9.8.1209. The flaw resides in /admin/index.php, where the key GET parameter is not sanitized before being passed to OS command execution when the api parameter is set. Attackers can inject arbitrary shell commands that execute with root privileges on the underlying web server. Exploitation requires that either Softaculous or SitePad be installed on the target host. The issue is tracked under CWE-78 and has an EPSS percentile of 96.4, indicating elevated exploitation likelihood...
Please refer below link for more details
https://www.sentinelone.com/vulnerability-database/cve-2025-67888/
- Monday, 15th June, 2026
- 12:57pm
