> About Author
> Hi, I’m Sharon, a product manager at Chaitin Tech. We build SafeLine, an open-source Web Application Firewall built for real-world threats. While SafeLine focuses on HTTP-layer protection, our emergency response center monitors and responds to RCE and authentication vulnerabilities across the stack to help developers stay safe.
1Panel is an open-source Linux server management tool that simplifies operations through a sleek web UI. It supports domain binding, SSL configuration, container orchestration, audit logs, and more.
In August 2025, the 1Panel team disclosed a critical Remote Command Execution (RCE) vulnerability affecting the Pro version (<= v2.0.5) with slave nodes enabled. This issue has been fixed in v2.0.6.
Vulnerability Overview
CVE ID: CVE-2025-54424
Severity: High
Type: Remote Command Execution (RCE)
Impact: Full remote takeover
Affected: 1Panel Pro ≤ v2.0.5 with slave nodes enabled
POC Status: Publicly available
Fix Status: Patch released in v2.0.6
Root Cause
The vulnerability lies in the HTTPS communication between the Core and Agent components of 1Panel Pro.
The system failed to strictly validate TLS certificates between the core and agent.
This flaw allowed attackers to forge a certificate, bypass authentication, and access privileged internal APIs.
Some of these APIs allow command execution, meaning the attacker could ultimately run arbitrary system commands on the host, leading to full server compromise.
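As an added illustration of the fix this class of flaw calls for (not 1Panel's own code; the function names, the private-CA layout and the `mint` test-certificate helper are assumptions constructed for the example), here is a Go mutual-TLS setup in which the core accepts an agent only if its certificate chains to the core's own CA and names the expected agent, instead of trusting any presented certificate (`InsecureSkipVerify` or `ClientAuth: tls.NoClientCert` would be the weak form):

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// Hardened core<->agent setting: both sides present a certificate and each
// must chain to the private CA that issued it.
func strictConfig(caPool *x509.CertPool, own tls.Certificate) *tls.Config {
	return &tls.Config{
		Certificates: []tls.Certificate{own},
		RootCAs:      caPool, // verify the certificate the peer presents...
		ClientCAs:    caPool, // ...and, as a server, demand one from every client
		ClientAuth:   tls.RequireAndVerifyClientCert,
	}
}

// verifyPeer is the check the hardened config enforces, exposed so it can be
// tested without a socket: chain to the CA pool and carry the expected SAN name.
func verifyPeer(leafDER []byte, pool *x509.CertPool, wantName string) error {
	leaf, err := x509.ParseCertificate(leafDER)
	if err != nil {
		return err
	}
	_, err = leaf.Verify(x509.VerifyOptions{Roots: pool, DNSName: wantName})
	return err
}

// mint issues a constructed test certificate (assumed helper, not production
// PKI); parent == nil means self-signed, as a forged certificate would be.
func mint(name string, isCA bool, parent *x509.Certificate, parentKey ed25519.PrivateKey) ([]byte, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	serial, _ := rand.Int(rand.Reader, big.NewInt(1<<62))
	tmpl := &x509.Certificate{
		SerialNumber: serial, Subject: pkix.Name{CommonName: name}, DNSNames: []string{name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: isCA, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	return der, key
}
```

A self-signed certificate, even one copying the agent's name, fails the chain check, and a CA-issued certificate for a different name fails the identity check.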
Potential Impact
- Command Injection: Execute arbitrary OS-level commands.
- Privilege Escalation: Gain full control of the system.
- Data Breach: Access or leak sensitive data.
- Business Risk: Total compromise of backend infrastructure.
Access Requirements:
- No valid login credentials required
- Slave node enabled
- Pro version in use
Affected Versions
- ✅ Impacted: 1Panel Pro ≤ v2.0.5 with slave nodes enabled
- ❌ Not Impacted: Community version or instances with slave node disabled
Mitigation & Fix
Official Patch
Upgrade immediately to v2.0.6, which includes a security patch:
👉 Download Latest Release
Temporary Workarounds
- Do not expose 1Panel to the public internet
Reproduction Summary
Detection Support
| Product | Status |
|---|---|
| Yuntu | PoC detection available (Aug 5) |
| Dongjian | Custom PoC detection (Aug 5) |
Timeline
- Aug 2025: Vulnerability disclosed by 1Panel
- Aug 5, 2025: Chaitin Emergency Response Lab confirms exploitability
References
Stay secure — patch your systems and avoid exposing high-risk management tools directly to the internet.