cPanel EasyApache4 update for third-party components
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2025-47947 CVE-2025-48866 CVE-2025-5025 CVE-2025-4947 |
| CWE-ID | CWE-400 CWE-295 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
EasyApache Server applications / Other server solutions |
| Vendor | cPanel, Inc |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Resource exhaustion
EUVDB-ID: #VU109658
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-47947
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources when handling application/json payloads. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
Successful exploitation of the vulnerability requires that at least one rule which does a sanitiseMatchedBytes action.
MitigationInstall update from vendor's website.
Vulnerable software versionsEasyApache: 4 25-1 - 4 20201-3-3
CPE2.3- cpe:2.3:a:cpanel:easyapache:4:25-1:*:*:*:*:*:*
- cpe:2.3:a:cpanel:easyapache:4:25-2:*:*:*:*:*:*
- cpe:2.3:a:cpanel:easyapache:4:25-3:*:*:*:*:*:*
https://news.cpanel.com/easyapache4-v25-18-maintenance-and-security-release/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Resource exhaustion
EUVDB-ID: #VU110075
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-48866
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources within the sanitiseArg action. A remote attacker can send an HTTP request containing a large number of arguments, trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsEasyApache: 4 25-1 - 4 20201-3-3
CPE2.3- cpe:2.3:a:cpanel:easyapache:4:25-1:*:*:*:*:*:*
- cpe:2.3:a:cpanel:easyapache:4:25-2:*:*:*:*:*:*
- cpe:2.3:a:cpanel:easyapache:4:25-3:*:*:*:*:*:*
https://news.cpanel.com/easyapache4-v25-18-maintenance-and-security-release/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Improper Certificate Validation
EUVDB-ID: #VU109885
Risk: Medium
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-5025
CWE-ID:
CWE-295 - Improper Certificate Validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to libcurl does not perform pinning of the server certificate public key for HTTPS transfers when connecting with QUIC for HTTP/3, when the TLS backend is wolfSSL. A remote attacker can perform Man-in-the-middle (MitM) attack and track the victim into connecting to a malicious server.
MitigationInstall update from vendor's website.
Vulnerable software versionsEasyApache: 4 25-1 - 4 20201-3-3
CPE2.3- cpe:2.3:a:cpanel:easyapache:4:25-1:*:*:*:*:*:*
- cpe:2.3:a:cpanel:easyapache:4:25-2:*:*:*:*:*:*
- cpe:2.3:a:cpanel:easyapache:4:25-3:*:*:*:*:*:*
https://news.cpanel.com/easyapache4-v25-18-maintenance-and-security-release/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Improper Certificate Validation
EUVDB-ID: #VU109884
Risk: Low
CVSSv4.0: 0.6 [CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-4947
CWE-ID:
CWE-295 - Improper Certificate Validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to missing certificate validation for QUIC connections when connecting to a host specified as an IP address in the URL. A remote attacker can perform Man-in-the-middle (MitM) attack.
Note, successful exploitation of the vulnerability requires wolfSSL to be used as the TLS backend for QUIC to trigger.
MitigationInstall update from vendor's website.
Vulnerable software versionsEasyApache: 4 25-1 - 4 20201-3-3
CPE2.3- cpe:2.3:a:cpanel:easyapache:4:25-1:*:*:*:*:*:*
- cpe:2.3:a:cpanel:easyapache:4:25-2:*:*:*:*:*:*
- cpe:2.3:a:cpanel:easyapache:4:25-3:*:*:*:*:*:*
https://news.cpanel.com/easyapache4-v25-18-maintenance-and-security-release/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
