CVE-2025-48703 - Control Web Panel OS Command Injection Exploited
Category: Vulnerabilities & Exploits

CVE-2025-48703 is a critical OS command injection flaw in Control Web Panel (CWP) that enables remote attackers to execute arbitrary commands using crafted requests. The vulnerability lies in the file manager module’s t_total parameter, which lacks input sanitization, permitting attackers to gain control over CentOS-based hosting servers. The attack path corresponds to MITRE ATT&CK techniques T1190 (Exploit Public-Facing Application) and T1059 (Command and Scripting Interpreter).

CISA has added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, warning of active exploitation in shared hosting and managed service environments. Exploited panels can be used for web shell deployment, cryptocurrency mining, and cross-tenant attacks, affecting hundreds of hosted sites. Since most CWP instances operate under shared privilege contexts, compromise of one account can escalate into complete server control.

The business impact includes reputational damage, website defacement, and potential GDPR violations due to data theft from customer sites. Hosting providers and web administrators using CWP must urgently patch affected versions to prevent full system compromise. Without mitigation, attackers can exfiltrate credentials, alter DNS configurations, and deploy persistent malware across hosted tenants.

The vendor has issued patched versions, and administrators should immediately update to the latest release. Until patched, restrict administrative access to trusted networks, deploy WAF signatures to block malicious t_total parameters, and monitor for shell activity or unusual outbound connections.
CORTEX Protocol Intelligence Assessment
Business Impact: This command injection flaw can compromise entire hosting infrastructures, leading to website defacement, data loss, and cross-customer breaches with compliance and financial consequences.
Technical Context: The vulnerability stems from improper input handling in the file manager’s t_total parameter, enabling unauthenticated command injection (T1190, T1059). Active exploitation has been confirmed by CISA.
Strategic Intelligence Guidance
- Apply CWP patches immediately and verify all modules are updated.
- Restrict administrative access to internal networks or VPN-only.
- Deploy WAF rules to block command injection payloads targeting CWP endpoints.
- Integrate CWP system logs into SIEM for real-time anomaly detection.
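A sketch of the allow-list check a WAF or reverse-proxy filter could apply to the t_total parameter while patching is in progress. This is an added example, not CWP or vendor code. The allowed value format, the decode limit, the function names and the sample requests are assumptions made for illustration, since the advisory does not describe what a legitimate t_total value looks like.

```python
import re
from urllib.parse import parse_qsl, unquote_plus

PARAM = "t_total"  # parameter named in the advisory above
# Assumption: legitimate values are short alphanumeric tokens. Tune to your panel.
ALLOWED = re.compile(r"[A-Za-z0-9]{1,16}")
MAX_DECODE_ROUNDS = 3


def fully_decode(value: str) -> str:
    """Percent-decode repeatedly so double-encoded characters are exposed."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect_request(query: str, body: str):
    """Return (verdict, reasons) for one request's query string and form body."""
    pairs = parse_qsl(query, keep_blank_values=True)
    pairs += parse_qsl(body, keep_blank_values=True)
    values = [v for k, v in pairs if fully_decode(k).strip().lower() == PARAM]
    reasons = []
    if len(values) > 1:
        # The same parameter sent twice can make filter and application disagree.
        reasons.append("parameter repeated")
    for raw in values:
        decoded = fully_decode(raw)
        if not ALLOWED.fullmatch(decoded):
            reasons.append(f"value outside allow-list: {decoded!r}")
    return ("block" if reasons else "allow", reasons)


# Constructed sample requests (query, body); not captured traffic.
SAMPLES = [
    ("", "name=index.html&t_total=644"),
    ("", "t_total=644%3Becho+x"),
    ("", "t_total=644%253Becho"),
    ("t_total=644", "t_total=755"),
]

if __name__ == "__main__":
    for query, body in SAMPLES:
        print(inspect_request(query, body), query, body)
```

Matching on what is allowed rather than on known-bad strings means encoded or unfamiliar metacharacters are rejected without the rule having to anticipate them.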
Intelligence Source: CVE-2025-48703 - Control Web Panel OS Command Injection Exploited | Nov 10, 2025