The flaw allows remote attackers to take over hosting control panels without a password, with exploit code already circulating in the criminal underground.
Vulnerability Details
A critical security flaw in cPanel, identified as CVE-2025-2078, allows an unauthenticated attacker to bypass the login process and gain full administrative access to hosted websites. The vulnerability exists in the authentication mechanism that manages how cPanel verifies user sessions. By sending specially crafted HTTP requests, an attacker can trick the software into granting access without providing a valid username or password. This issue affects all versions of cPanel prior to version 110.0.13.
Impact and Exploitation
Security researchers have confirmed that this vulnerability is being actively exploited in the wild, with proof of concept code publicly released. The impact is severe because cPanel is widely used by web hosting providers to manage thousands of websites from a single dashboard. A successful attack could allow a threat actor to modify files, steal sensitive data, install backdoors, or compromise every website under the compromised account. Web hosting administrators are strongly advised to apply the latest security patch immediately and review server logs for signs of unauthorized access.
Mitigation and Response
The cPanel development team has released a fixed version (110.0.13) that resolves the authentication bypass issue. There are no workarounds for older versions, so upgrading is the only effective mitigation. Administrators should also enforce multi factor authentication for all cPanel accounts and restrict access to the management interface using IP allowlisting. Organizations using third party hosting should verify with their provider that the patch has been applied.
Source: Cyber Security News
