CVE-2025-54424: 1Panel is a web interface and MCP Server that manages websites, files, containers, databases, and LLMs on a Linux server
Summary
1Panel is a web management tool that controls websites, files, containers (isolated software environments), databases, and AI models on Linux servers. In versions 2.0.5 and earlier, the tool's HTTPS connection (encrypted communication) between its core system and agent components doesn't fully verify certificates (digital identification documents), allowing attackers to gain unauthorized access and execute arbitrary commands on the server.
Solution / Mitigation
Fixed in version 2.0.6. Users should update to this version or later.
Vulnerability Details
8.1(high)
EPSS: 0.4%
Classification
Affected Vendors
Related Issues
CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne
CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-54424
First tracked: February 15, 2026 at 08:51 PM
Classified by LLM (prompt v3) · confidence: 75%