πŸ” CVE Alert

CVE-2025-34430

UNKNOWN 0.0

1Panel CSRF Panel Name Modification

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

1Panel versions 1.10.33 through 2.0.15 contain a cross-site request forgery (CSRF) vulnerability in the panel name management functionality. The affected endpoint does not implement CSRF defenses such as anti-CSRF tokens or Origin/Referer validation. An attacker can craft a malicious webpage that submits a panel-name change request; if a victim visits the page while authenticated, the browser includes valid session cookies and the request succeeds. This allows a remote attacker to change the victim’s panel name to an arbitrary value without consent.

CWE CWE-352
Vendor lxware
Product 1panel
Published Dec 10, 2025
Last Updated Mar 5, 2026
Stay Ahead of the Next One

Get instant alerts for lxware 1panel

Be the first to know when new unknown vulnerabilities affecting lxware 1panel are published β€” delivered to Slack, Telegram or Discord.

Get Free Alerts β†’ Free Β· No credit card Β· 60 sec setup

Affected Versions

LXware / 1Panel
1.10.33 ≀ 2.0.15

References

NVD β†— CVE.org β†— EPSS Data β†—
github.com: https://github.com/1Panel-dev/1Panel/releases 1panel.pro: https://1panel.pro/ vulncheck.com: https://www.vulncheck.com/advisories/1panel-csrf-panel-name-modification

Credits

av01t3x