ICSA-24-123-01 · Published 2025-08-07 · View on CISA ICS-CERT ↗

CyberPower PowerPanel Business

CVSS 9.8 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities could result in an attacker bypassing authentication and gaining administrator privileges, forging JWT tokens to bypass authentication, writing arbitrary files to the server and acheiving code execution, gaining access to services with the privileges of a Powerpanel Business application, gaining access to the testing or production server, learning passwords and authenticating with user or administrator privileges, injecting SQL syntax, writing arbitrary files to the system, executing remote code, impersonating any client in the system and sending malicious data, or obtaining data from throughout the system after gaining access to any device.

CVEs (9)

CVE-2024-34025 CVE-2024-33625 CVE-2024-33615 CVE-2024-32053 CVE-2024-32047 CVE-2024-32042 CVE-2024-31856 CVE-2024-31410 CVE-2024-31409

Remediations

CyberPower has released a new version of PowerPanel Business that fixes these vulnerabilities:
PowerPanel Business: Update to v4.10.1 or later version

Affected Vendors

CyberPower

Affected Products (1)

CyberPower · PowerPanel Business <=4.9.0

Affected Sectors

Critical Manufacturing

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more