CyberPanel rushes security patch after crypto-mining malware exploits critical 0-day vulnerability

Today, on the WebHostingTalk.com forums, a user named “mobin” raised concerns about a severe CyberPanel issue, which immediately caught the attention of the online community. Mobin reported an alarming CPU spike on their server, which they traced back to crypto-mining malware operating with root-level permissions.

They suggested that this malware exploited a vulnerability within CyberPanel’s control panel daemon to gain unauthorized access. Consequently, this revelation sent shockwaves through CyberPanel users, many of whom began worrying about similar vulnerabilities.

Meanwhile, cybersecurity researcher DreyAnd responded with an analysis on their blog. They identified this issue as a 0-day vulnerability, allowing attackers to remotely execute code on CyberPanel systems without any authentication. DreyAnd described it as a “pre-auth RCE with root privileges,” giving attackers full control of affected systems. For those relying on CyberPanel for business-critical applications, the news highlighted serious security risks.

Additionally, more users shared issues on CyberPanel’s official forum, reporting blocked access, random 404 errors, and unexplained CPU spikes. Many users identified a process named ‘/var/tmp/kdevtmpfsi’ linked to the malware. One user, “kktsks,” described their servers as “crippled” due to the exploit, leaving them unable to perform vital tasks.

In response, CyberPanel quickly released an official statement confirming the vulnerability and describing their response. Within 30 minutes of verifying the issue, they deployed a security patch. Initially, CyberPanel refrained from publicizing the patch to prevent attackers from targeting unprotected systems. To ensure users’ safety, they urged everyone to update the software promptly.

Furthermore, CyberPanel provided detailed instructions and support options for users facing restricted SSH access. This prompt response emphasized the importance of timely security updates and transparent communication when handling security risks. Now, with the patch available, the CyberPanel community is focused on securing their systems, while developers work to improve communication and support.

Ultimately, this incident underscores the need for swift action and vigilant security practices in today’s digital world. CyberPanel’s rapid response has reassured many users, yet it also serves as a potent reminder of the persistent threats facing web infrastructure today.