
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2025-54424 affects 1Panel, a web interface and MCP Server that manages websites, files, containers, databases, and LLMs on Linux servers. The vulnerability was discovered on July 26, 2025, and disclosed on August 1, 2025. In versions 2.0.5 and below, the HTTPS protocol used for communication between the Core and Agent endpoints has incomplete certificate verification during certificate validation, which can lead to unauthorized interface access (GitHub Advisory, NVD).
The vulnerability stems from the use of tls.RequireAnyClientCert instead of tls.RequireAndVerifyClientCert in the Go TLS configuration. RequireAnyClientCert makes the server demand a client certificate but never verifies that certificate's signature chain against the configured client CAs, so any certificate, including a self-signed one, satisfies it; RequireAndVerifyClientCert is the setting that performs the chain verification. The only check that remains is that the certificate's CN field equals 'panel_client', and the issuer is never examined, so an attacker who can reach the endpoint can mint a self-signed certificate with that CN and be treated as a legitimate client. Additionally, WebSocket connections can bypass Proxy-ID verification. The vulnerability has been assigned a CVSS v3.1 base score of 8.1 (High) with vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H (GitHub Advisory).
Because 1Panel exposes numerous command execution and high-privilege interfaces behind this check, the vulnerability can result in Remote Code Execution (RCE). Attackers can potentially access sensitive process information, execute arbitrary commands through the Terminal SSH WebSocket interface, and interact with container terminals (GitHub Advisory).
The vulnerability has been fixed in version 2.0.6. Users should upgrade to this version to resolve the certificate validation issue; the fix implements proper certificate verification (GitHub Release).
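To make the difference between the two tls.Config settings concrete, the following is an added Go example, not 1Panel's code and not taken from the advisory or the fix. It stands up a mock Agent listener in both shapes (the RequireAnyClientCert-plus-CN-check shape described above for 2.0.5 and below, and the RequireAndVerifyClientCert shape of the fix) and drives each with a Core-issued certificate and with an attacker's self-signed certificate that carries CN panel_client. It assumes the Agent is the TLS server and the Core is the client presenting CN panel_client, which is how the advisory describes the check; the CA name "1Panel Core CA", the loopback listener, the helper names (newCert, handshake, RunScenarios) and all certificates are constructed for this demo. The WebSocket Proxy-ID bypass the advisory also mentions is a separate issue and is not modelled here.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// CN the Agent expects on the Core's client certificate: per the advisory, the only check that ran before 2.0.6.
const expectedCN = "panel_client"

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// newCert issues a test certificate for cn; with parent == nil it is self-signed, which is all an attacker needs.
func newCert(cn string, isCA bool, parent *tls.Certificate) tls.Certificate {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
		IsCA:                  isCA,
		IPAddresses:           []net.IP{net.IPv4(127, 0, 0, 1)}, // lets the client verify the Agent over loopback
	}
	signer, signerKey := tmpl, any(key) // self-signed unless a parent CA is given
	if parent != nil {
		signer, signerKey = parent.Leaf, parent.PrivateKey
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey))
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: must(x509.ParseCertificate(der))}
}

// handshake builds a mock Agent listener with the given ClientAuth mode, runs one mTLS handshake over loopback
// TCP and returns the Agent-side verdict. The server's error is the one that matters: a TLS 1.3 client has
// already sent its Finished by the time the server inspects the certificate, so tls.Dial may return nil anyway.
func handshake(auth tls.ClientAuthType, agentCert, clientCert tls.Certificate, coreCA *x509.CertPool) error {
	agentCfg := &tls.Config{
		Certificates: []tls.Certificate{agentCert},
		ClientCAs:    coreCA, // consulted only under RequireAndVerifyClientCert
		ClientAuth:   auth,
		// The CN-only gate. Under RequireAnyClientCert this is the sole check on the client; under
		// RequireAndVerifyClientCert crypto/tls calls it only after the chain has verified against ClientCAs.
		VerifyPeerCertificate: func(rawCerts [][]byte, _ [][]*x509.Certificate) error {
			if cn := must(x509.ParseCertificate(rawCerts[0])).Subject.CommonName; cn != expectedCN {
				return fmt.Errorf("unexpected client CN %q", cn)
			}
			return nil
		},
	}
	ln := must(net.Listen("tcp", "127.0.0.1:0"))
	defer ln.Close()
	verdict := make(chan error, 1)
	go func() {
		conn := must(ln.Accept())
		defer conn.Close()
		verdict <- tls.Server(conn, agentCfg).Handshake()
	}()
	conn, err := tls.Dial("tcp", ln.Addr().String(), &tls.Config{
		RootCAs: coreCA,
		// Present the cert whatever issuer list the Agent advertises, as an attacker's client would.
		GetClientCertificate: func(*tls.CertificateRequestInfo) (*tls.Certificate, error) { return &clientCert, nil },
	})
	if err == nil {
		defer conn.Close() // keep the socket open until the Agent has ruled
	}
	return <-verdict
}

// RunScenarios drives both ClientAuth modes with a Core-issued certificate and with an attacker's self-signed
// certificate that carries the expected CN. A nil value means the Agent accepted the client.
func RunScenarios() map[string]error {
	ca := newCert("1Panel Core CA", true, nil) // assumed name; the advisory does not give the real CA DN
	roots := x509.NewCertPool()
	roots.AddCert(ca.Leaf)
	agent, legit, rogue := newCert("agent", false, &ca), newCert(expectedCN, false, &ca), newCert(expectedCN, false, nil)
	return map[string]error{
		"RequireAnyClientCert/core-issued":       handshake(tls.RequireAnyClientCert, agent, legit, roots),
		"RequireAnyClientCert/self-signed":       handshake(tls.RequireAnyClientCert, agent, rogue, roots),
		"RequireAndVerifyClientCert/core-issued": handshake(tls.RequireAndVerifyClientCert, agent, legit, roots),
		"RequireAndVerifyClientCert/self-signed": handshake(tls.RequireAndVerifyClientCert, agent, rogue, roots),
	}
}

func main() { fmt.Printf("%+v\n", RunScenarios()) }
```

Running it shows the Core-issued certificate accepted in both modes, the self-signed certificate accepted under RequireAnyClientCert (the CN string was the only thing checked), and the same self-signed certificate rejected under RequireAndVerifyClientCert with a chain verification error raised before the CN check ever runs. The verdict is read from the server side on purpose: with TLS 1.3 the client finishes its flight before the server evaluates the certificate, so judging by whether tls.Dial succeeded would hide the rejection. The attacker's client uses GetClientCertificate so that it presents its certificate regardless of the CA names the server advertises, which is what a malicious client would do.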
Source: This report was generated using AI