{"id":"CVE-2025-34430","details":"1Panel versions 1.10.33 through 2.0.15 contain a cross-site request forgery (CSRF) vulnerability in the panel name management functionality. The affected endpoint does not implement CSRF defenses such as anti-CSRF tokens or Origin/Referer validation. An attacker can craft a malicious webpage that submits a panel-name change request; if a victim visits the page while authenticated, the browser includes valid session cookies and the request succeeds. This allows a remote attacker to change the victim’s panel name to an arbitrary value without consent.","aliases":["GHSA-5xpq-2vmc-5cqp","GO-2025-4230"],"modified":"2026-03-11T07:50:21.927290Z","published":"2025-12-10T19:16:13.867Z","related":["SUSE-SU-2026:0037-1"],"references":[{"type":"WEB","url":"https://1panel.pro/"},{"type":"ADVISORY","url":"https://www.vulncheck.com/advisories/1panel-csrf-panel-name-modification"},{"type":"PACKAGE","url":"https://github.com/1Panel-dev/1Panel/releases"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/1panel-dev/1panel","events":[{"introduced":"abd3c24562f64d3c70b939c934931d443dae0241"},{"last_affected":"7f9f4ae740b8fd80e06bb740a43a13836cc53a85"}],"database_specific":{"versions":[{"introduced":"1.10.33-lts"},{"last_affected":"2.0.15"}]}}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-34430.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}]}