CVE-2023-25131: 
Homebrew vulnerability analysis and mitigation

CVE-2023-25131 is a use of default password vulnerability affecting PowerPanel Business software versions 4.8.6 and earlier across multiple platforms including Windows, Linux, and MacOS. The vulnerability was discovered and disclosed on April 24, 2023. The issue exists in both Local/Remote and Management editions of the software, where upon installation or first login, the application does not require users to change the default 'admin' password (NVD).

The vulnerability is classified as an improper authentication issue (CWE-287) and specifically a use of default password vulnerability (CWE-1393). It has received a CVSS v3.1 base score of 9.8 (CRITICAL) from NIST and 9.4 (CRITICAL) from ZUSO Advanced Research Team. The attack vector is network-based (AV:N), requires low attack complexity (AC:L), needs no privileges (PR:N), and requires no user interaction (UI:N) (NVD).

The vulnerability allows remote attackers to log in to the server directly using the default credentials and perform administrative functions. This could potentially lead to complete compromise of the system's confidentiality, integrity, and availability (NVD).

Users should upgrade to versions newer than 4.8.6 of PowerPanel Business software. It is also recommended to change the default admin password immediately after installation (CyberPower Product).