CVE-2025-66429 · HIGH 8.8 · EPSS p48.6%


Description

An issue was discovered in cPanel 110 through 132. A directory traversal vulnerability within the Team Manager API allows for overwrite of an arbitrary file. This can allow for privilege escalation to the root user.

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.71% probability of exploitation · percentile 48.6% · 2026-06-18T12:00:27Z
Published: 2025-12-11
Last modified: 2025-12-15

Underlying weaknesses · 1

CWE-22

References

  1. https://docs.cpanel.net/changelogs/126-change-log/
  2. https://docs.cpanel.net/release-notes/release-notes/


Type | Target | Confidence | Tier
Weakness | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (cwe-22) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: CVE-2026-29203
CVE: CVE-2025-39491
CVE: CVE-2025-66428
CVE: CWP Control Web Panel OS Command Injection Vulnerability
CVE: CVE-2025-54530
CVE: LiteSpeed cPanel Plugin Privilege Escalation Vulnerability

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.