Knowledgebase

  1. Cheap cPanel license , CloudLinux license , LiteSpeed license, Imunify360 license , etc
  2. Knowledgebase
  3. cPanel/WHM Troubleshoots
  4. Security
  5. Local Privilege Escalation Vulnerability using the Team Manager API CVE-2025-66429

  Categories

1
All In One Licenses Instructions
283
cPanel/WHM Troubleshoots
 2
KNOWN ISSUES
 3
Legal

  Categories

  Tag Cloud

cPanel /scripts/ - Powerful commands from cPanel Server is inaccessible once rebooted after installing the cPanel

  Support

  My Support Tickets   News   Knowledgebase   Downloads   Network Status   Open Ticket

Local Privilege Escalation Vulnerability using the Team Manager API CVE-2025-66429 Print

  • 0

Symptoms

In cPanel v110 or later, it was found that a Team Manager API could allow a local user to escalate to root privileges. This also affected cPanel-derived systems, such as WP Squared

 

Description

When using the Team Manager API, input was not being sufficiently validated. This allowed for an arbitrary file overwrite, which in turn allowed for escalation to root privileges. The exploit does not require any specific configuration of the server and is possible on a default installation. The CVE for this is CVE-2025-66429. 

 

Workaround

A patch has already been applied, and fixed cPanel builds have been published to correct CVE-2025-66429. If your cPanel has been updated to one of the following versions or later, then no further action is needed:

  • 11.132.0.4
  • 11.130.0.16
  • 11.126.0.37
  • 11.118.0.61
  • 11.110.0.80
Was this answer helpful?

Related Articles

Why is my cPanel AutoSSL (Powered by Sectigo) request failing for some domains? Question Why is my cPanel AutoSSL (Powered by Sectigo) request failing with this notice when... ClamAV cannot be installed on an Ubuntu 24 server Symptoms ClamAV cannot be installed on an Ubuntu 24 server.   Description The following... SSLv3 is still a selectable option for SSL Minimum Protocol setting on v132. Symptoms When setting the "SSL Minimum Protocol" setting in WHM's Mailserver Configuration... What are the minimum SSL protocol versions that Dovecot 2.4 accepts? Question What are the minimum SSL protocol versions that Dovecot 2.4 accepts? Answer... WP2: Enabling "Limit logins to verified IP addresses" option results in "Two-Factor Authentication" prompt. Symptoms After enabling WP2's "Configure Security Policies" option "Limit logins to...
Back

  Tag Cloud

cPanel /scripts/ - Powerful commands from cPanel Server is inaccessible once rebooted after installing the cPanel

  Support

  My Support Tickets   News   Knowledgebase   Downloads   Network Status   Open Ticket