VDB
CVE-2025-68954
CVE-2025-68954
PUBLISHED
CVSS 7.5 HIGH
Pterodactyl does not revoke SFTP access when server is deleted or permissions reduced
EPSS 0.01% · 1.4th percentile
Risk Scores
CVSS 4.0
7.5
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS Score
0.01%
1.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| pterodactyl | panel | 0 |
| github.com | pterodactyl/wings | 0 |
| pterodactyl | wings | 0 |
| pterodactyl | panel | 0, * |
Exploit Intelligence
- https://github.com/pterodactyl/panel/security/advisories/GHSA-8c39-xppg-479c (circl)
- https://github.com/pterodactyl/panel/commit/2bd9d8baddb0e0606e4a9d5be402f48678ac88d5 (circl)
- https://github.com/pterodactyl/panel/releases/tag/v1.12.0 (circl)
- ghost_report_20260113_010235.json (github-poc)
- ghost_report_20260113_010235.json (github-poc)
- ghost_report_20260113_010235.json (github-poc)
- ghost_report_20260113_010235.json (github-poc)
- ghost_report_20260113_010235.json (github-poc)
- ghost_report_20260113_010235.json (github-poc)
Timeline
- Jan 6, 2026 CVE Published
- Jan 6, 2026 EPSS Score
- Jan 9, 2026 EPSS Score
- Jan 12, 2026 EPSS Score
- Jan 16, 2026 EPSS Score
- Jan 19, 2026 EPSS Score
- Jan 22, 2026 EPSS Score
- Jan 25, 2026 EPSS Score
- Jan 29, 2026 EPSS Score
- Feb 1, 2026 EPSS Score
- Feb 4, 2026 EPSS Score
- Feb 7, 2026 EPSS Score
References
- https://github.com/pterodactyl/panel/security/advisories/GHSA-8c39-xppg-479c url
- https://github.com/pterodactyl/panel/commit/2bd9d8baddb0e0606e4a9d5be402f48678ac88d5 url
- https://github.com/pterodactyl/panel/releases/tag/v1.12.0 url
- https://nvd.nist.gov/vuln/detail/CVE-2025-68954 advisory
- https://github.com/pterodactyl/panel package