CVE-2025-34430
- Source
- https://cve.org/CVERecord?id=CVE-2025-34430
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-34430.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-34430
- Aliases
- Downstream
- Related
- Published
- 2025-12-10T18:23:14.598Z
- Modified
- 2026-05-28T04:10:35.120694501Z
- Severity
-
- 5.1 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- 1Panel CSRF Panel Name Modification
- Details
-
1Panel versions 1.10.33 through 2.0.15 contain a cross-site request forgery (CSRF) vulnerability in the panel name management functionality. The affected endpoint does not implement CSRF defenses such as anti-CSRF tokens or Origin/Referer validation. An attacker can craft a malicious webpage that submits a panel-name change request; if a victim visits the page while authenticated, the browser includes valid session cookies and the request succeeds. This allows a remote attacker to change the victim’s panel name to an arbitrary value without consent.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/34xxx/CVE-2025-34430.json", "cwe_ids": [ "CWE-352" ], "cna_assigner": "VulnCheck" }- References
-
- https://1panel.pro/
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/34xxx/CVE-2025-34430.json
- https://nvd.nist.gov/vuln/detail/CVE-2025-34430
- https://www.vulncheck.com/advisories/1panel-csrf-panel-name-modification
- https://github.com/1Panel-dev/1Panel
- https://github.com/1Panel-dev/1Panel/releases