ZPanel includes a helper binary named zsudo, intended to allow restricted privilege escalation for administrative tasks. However, when misconfigured in /etc/sudoers, zsudo can be invoked by low-privileged users to execute arbitrary commands as root. This flaw enables local attackers with shell access to escalate privileges by writing a payload to a writable directory and executing it via zsudo. The vulnerability is particularly impactful in post-exploitation scenarios following web server compromise, where the attacker inherits access to zsudo.
Metrics
Affected Vendors & Products
References
History
Tue, 05 Aug 2025 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 05 Aug 2025 07:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Zpanel
Zpanel zpanel |
|
Vendors & Products |
Zpanel
Zpanel zpanel |
Mon, 04 Aug 2025 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | ZPanel includes a helper binary named zsudo, intended to allow restricted privilege escalation for administrative tasks. However, when misconfigured in /etc/sudoers, zsudo can be invoked by low-privileged users to execute arbitrary commands as root. This flaw enables local attackers with shell access to escalate privileges by writing a payload to a writable directory and executing it via zsudo. The vulnerability is particularly impactful in post-exploitation scenarios following web server compromise, where the attacker inherits access to zsudo. | |
Title | ZPanel zsudo Local Privilege Escalation | |
Weaknesses | CWE-269 | |
References |
| |
Metrics |
cvssV4_0
|

Status: PUBLISHED
Assigner: VulnCheck
Published: 2025-08-04T18:03:58.414Z
Updated: 2025-08-05T15:53:09.254Z
Reserved: 2025-08-01T15:15:33.216Z
Link: CVE-2013-10052

Updated: 2025-08-05T15:52:56.645Z

Status : Awaiting Analysis
Published: 2025-08-04T18:15:33.923
Modified: 2025-08-05T16:15:27.273
Link: CVE-2013-10052

No data.