ET WEB_SPECIFIC_APPS CentOS Web Panel Unauthenticated Remote Command Execution (CVE-2025-48703)

SID: 2063180Rev: 138 views
Sourceet/open
CreatedJune 25, 2025
UpdatedJune 25, 2025
Classificationweb-application-attack
alert http any any -> $HOME_NET 2083 (msg:"ET WEB_SPECIFIC_APPS CentOS Web Panel Unauthenticated Remote Command Execution (CVE-2025-48703)"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"module|3d|filemanager"; fast_pattern; content:"acc|3d|changePerm"; http.request_body; content:"t_total"; pcre:"/^.{1,10}(?:[\x3b\x24\x27\x60\x7c]|\x25(?:3[bB]|2[47]|60|7[cC]))/R"; reference:url,fenrisk.com/rce-centos-webpanel; reference:cve,2025-48703; classtype:web-application-attack; sid:2063180; rev:1; metadata:attack_target Server, created_at 2025_06_25, cve CVE_2025_48703, deployment Perimeter, deployment Internal, confidence High, signature_severity Major, tag Exploit, updated_at 2025_06_25, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application; target:dest_ip;)

References

urlfenrisk.com/rce-centos-webpanel
cve2025-48703

Metadata

attack targetServer
created at2025_06_25
deploymentInternal
confidenceHigh
signature severityMajor
tagExploit
updated at2025_06_25
mitre tactic idTA0001
mitre tactic nameInitial_Access
mitre technique idT1190
mitre technique nameExploit_Public_Facing_Application

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!