Known exploited
CWP
CVE published 2025-11-04
CVE-2025-48703
CVE-2025-48703 is an OS command injection vulnerability in CWP Control Web Panel. CISA added it to the Known Exploited Vulnerabilities catalog on 2025-11-04 and set a remediation due date of 2025-11-25. Because it is in KEV, defenders should treat it as actively exploited and prioritize mitigation or removal of exposed installations.