Strix
26.1K

CVE-2025-30206

CRITICALCVSS 9.8/10EPSS 0.72%

Last modified

CVE-2025-30206 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. Dpanel is a Docker visualization panel system which provides complete Docker management functions. The Dpanel service contains a hardcoded JWT secret in its default configuration, allowing attackers to generate valid JWT tokens and compromise the host machine. EPSS estimates a 0.72% chance of exploitation in the next 30 days.

Description

Dpanel is a Docker visualization panel system which provides complete Docker management functions. The Dpanel service contains a hardcoded JWT secret in its default configuration, allowing attackers to generate valid JWT tokens and compromise the host machine. This security flaw allows attackers to analyze the source code, discover the embedded secret, and craft legitimate JWT tokens. By forging these tokens, an attacker can successfully bypass authentication mechanisms, impersonate privileged users, and gain unauthorized administrative access. Consequently, this enables full control over the host machine, potentially leading to severe consequences such as sensitive data exposure, unauthorized command execution, privilege escalation, or further lateral movement within the network environment. This issue is patched in version 1.6.1. A workaround for this vulnerability involves replacing the hardcoded secret with a securely generated value and load it from secure configuration storage.

Metrics

CVSS 3.1
9.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
0.72%

49.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

References

Timeline

Published
Last Modified
Status
Deferred

Frequently Asked Questions

What is CVE-2025-30206?
Dpanel is a Docker visualization panel system which provides complete Docker management functions. The Dpanel service contains a hardcoded JWT secret in its default configuration, allowing attackers to generate valid JWT tokens and compromise the host machine. This security flaw allows attackers to analyze the source code, discover the embedded secret, and craft legitimate JWT tokens. By forging these tokens, an attacker can successfully bypass authentication mechanisms, impersonate privileged users, and gain unauthorized administrative access. Consequently, this enables full control over the host machine, potentially leading to severe consequences such as sensitive data exposure, unauthorized command execution, privilege escalation, or further lateral movement within the network environment. This issue is patched in version 1.6.1. A workaround for this vulnerability involves replacing the hardcoded secret with a securely generated value and load it from secure configuration storage.
How severe is CVE-2025-30206?
CVE-2025-30206 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 0.72% probability of exploitation in the next 30 days.
How do I fix CVE-2025-30206?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2025-30206?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST