Home

Description

OS Command injection vulnerability in function OperateSSH in 1panel 2.0.8 allowing attackers to execute arbitrary commands via the operation parameter to the /api/v2/hosts/ssh/operate endpoint.

PUBLISHED Reserved 2025-08-16 | Published 2025-09-10 | Updated 2025-09-10 | Assigner mitre

References

github.com/August829/Yu/blob/main/20250812_1.md

github.com/August829/CVEP/issues/5

cve.org (CVE-2025-56413)

nvd.nist.gov (CVE-2025-56413)

Download JSON