SB2025060505 - cPanel EasyApache4 update for third-party components




Published: June 5, 2025

Security Bulletin ID: SB2025060505
Severity: Medium
Patch available: YES
Number of vulnerabilities: 4
Exploitation vector: Remote access
Highest impact: Denial of service

Breakdown by Severity

Medium: 75%
Low: 25%

Description

This security bulletin contains information about 4 security vulnerabilities.


1) Resource exhaustion (CVE-ID: CVE-2025-47947)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists because the application does not properly control consumption of internal resources when handling application/json payloads. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

Successful exploitation of the vulnerability requires at least one rule that uses the sanitiseMatchedBytes action.


2) Resource exhaustion (CVE-ID: CVE-2025-48866)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists because the application does not properly control consumption of internal resources within the sanitiseArg action. A remote attacker can send an HTTP request containing a large number of arguments, trigger resource exhaustion and perform a denial of service (DoS) attack.


3) Improper Certificate Validation (CVE-ID: CVE-2025-5025)

The vulnerability allows a remote attacker to perform a man-in-the-middle (MitM) attack.

The vulnerability exists because libcurl does not perform pinning of the server certificate public key for HTTPS transfers when connecting with QUIC for HTTP/3 and the TLS backend is wolfSSL. A remote attacker can perform a man-in-the-middle (MitM) attack and trick the victim into connecting to a malicious server.


4) Improper Certificate Validation (CVE-ID: CVE-2025-4947)

The vulnerability allows a remote attacker to perform a man-in-the-middle (MitM) attack.

The vulnerability exists due to missing certificate validation for QUIC connections when connecting to a host specified as an IP address in the URL. A remote attacker can perform a man-in-the-middle (MitM) attack.

Note: successful exploitation of the vulnerability requires wolfSSL to be used as the TLS backend for QUIC.
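
Vulnerabilities 3 and 4 both depend on the build, so a quick triage step is to see whether a curl binary combines the wolfSSL backend with HTTP/3 support. The following is an added example, not part of the bulletin or of vendor tooling; the function names and sample banners are constructed, and it checks only the build preconditions, not the curl version.

```shell
#!/bin/sh
# Added example: classify `curl -V` output against the preconditions stated
# for CVE-2025-5025 and CVE-2025-4947 (wolfSSL TLS backend + QUIC/HTTP/3).

# Constructed sample banners, not captured from real hosts.
SAMPLE_WOLFSSL_H3='curl 8.0.0 (x86_64-pc-linux-gnu) libcurl/8.0.0 wolfSSL/5.0.0 zlib/1.3 ngtcp2/1.0.0 nghttp3/1.0.0
Protocols: http https
Features: alt-svc HSTS HTTP2 HTTP3 IPv6 SSL'
SAMPLE_OPENSSL_H3='curl 8.0.0 (x86_64-pc-linux-gnu) libcurl/8.0.0 OpenSSL/3.0.0 zlib/1.3 ngtcp2/1.0.0 nghttp3/1.0.0
Protocols: http https
Features: alt-svc HSTS HTTP2 HTTP3 IPv6 SSL'
SAMPLE_WOLFSSL_NO_H3='curl 8.0.0 (x86_64-pc-linux-gnu) libcurl/8.0.0 wolfSSL/5.0.0 zlib/1.3
Protocols: http https
Features: alt-svc HSTS HTTP2 IPv6 SSL'

# True when the first banner line lists wolfSSL as a linked component.
has_wolfssl() {
    printf '%s\n' "$1" | head -n 1 | grep -qi 'wolfssl/'
}

# True when the Features line advertises HTTP3 as a whole word.
has_http3() {
    printf '%s\n' "$1" | grep -i '^Features:' | grep -qw 'HTTP3'
}

# Print one of: preconditions-met, wolfssl-without-http3, not-wolfssl.
classify_curl_build() {
    if has_wolfssl "$1" && has_http3 "$1"; then
        echo "preconditions-met"
    elif has_wolfssl "$1"; then
        echo "wolfssl-without-http3"
    else
        echo "not-wolfssl"
    fi
}

# Classify the local curl, if one is installed.
if command -v curl >/dev/null 2>&1; then
    echo "local curl: $(classify_curl_build "$(curl -V 2>/dev/null)")"
fi
```

A result of preconditions-met means the build matches the conditions the bulletin describes and should be prioritised for the update; applications linked against a separate libcurl need the same check on that library's build.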


Remediation

Install the update from the vendor's website.