# CVE-2025-48703

> CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1205 allows unauthenticated remote code execution via shell metacharacters in the t_total parameter in a filemanager changePerm request. A valid non-root username must be known.

- **CVSS:** 9 (CRITICAL)
- **EPSS:** 67.4%
- **CISA KEV:** yes (known ransomware use)
- **CWE:** CWE-78

Canonical: https://intel.threadlinqs.com/cve/CVE-2025-48703
