Is github.com/1Panel-dev/1Panel affected by CVE-2025-34430?

Go github.com/1Panel-dev/1Panel is affected in >=0.

Is CVE-2025-34430 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.2%.

medium

CVE-2025-34430

Summary

1Panel contains a cross-site request forgery (CSRF) vulnerability in the panel name management functionality in github.com/1Panel-dev/1Panel

Severity: medium
EPSS: 0.2% (p7)
Also known as: GHSA-5xpq-2vmc-5cqp, GO-2025-4230
Published: 2025-12-15

References

https://github.com/advisories/GHSA-5xpq-2vmc-5cqp
https://nvd.nist.gov/vuln/detail/CVE-2025-34430
https://1panel.pro

Related advisories

CVE-2025-34410 — medium · Go/github.com/1Panel-dev/1Panel
CVE-2025-34429 — medium · Go/github.com/1Panel-dev/1Panel
CVE-2025-66508 — medium · Go/github.com/1Panel-dev/1Panel

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Check my repo

Summarize with AI

ChatGPT Claude Perplexity

Sources: CISA KEV (public domain), OSV.dev & GitHub Advisory Database (CC-BY-4.0), FIRST EPSS, NVD/CWE (public domain). Served live from the Stateward advisory database.