CVE-2025-34430 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-34430 PUBLISHED CVSS 5.099999904632568 MEDIUM

1Panel contains a cross-site request forgery (CSRF) vulnerability in the panel name management functionality

EPSS 0.03% · 9.3th percentile

Risk Scores

CVSS v4.0

5.099999904632568

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS Score

0.03%

9.3th percentile

Affected Products

Vendor	Product	Versions
fit2cloud	1panel	1.10.33, 1.10.33-lts
github.com	1Panel-dev/1Panel	1.10.33
LXware	1Panel	1.10.33

Timeline

Dec 10, 2025 CVE Published
Dec 11, 2025 EPSS Score
Dec 15, 2025 EPSS Score
Dec 18, 2025 EPSS Score
Dec 22, 2025 EPSS Score
Dec 23, 2025 CVE Updated
Dec 25, 2025 EPSS Score
Dec 29, 2025 EPSS Score
Jan 2, 2026 EPSS Score
Jan 5, 2026 EPSS Score
Jan 9, 2026 EPSS Score
Jan 12, 2026 EPSS Score

References

https://github.com/1Panel-dev/1Panel/releases url
https://1panel.pro/ url
https://www.vulncheck.com/advisories/1panel-csrf-panel-name-modification third-party-advisory
https://nvd.nist.gov/vuln/detail/CVE-2025-34430 advisory
https://1panel.pro url
https://github.com/1Panel-dev/1Panel package

Open in Interactive Console →