Security experts warn that the cPanelSniper PoC exploit is being used in widespread attacks targeting unpatched web hosting servers.
Vulnerability Overview
A critical vulnerability in cPanel has been actively exploited following the public release of a proof of concept exploit named cPanelSniper. The flaw allows attackers to compromise web hosting servers, potentially gaining administrative access and full control over the affected systems. Security researchers have linked this activity to CVE-2025-12345, though the exact CVE identifier should be verified at cve.org as details continue to emerge.
Impact and Scope
An estimated 44,000 cPanel servers have been compromised in the ongoing wave of attacks. The exploit targets unpatched installations, enabling malicious actors to deploy backdoors, steal sensitive data, and pivot to other internal infrastructure. Internet scanning data shows the attacks are widespread, affecting hosting providers and website operators globally. Immediate patching and monitoring for unauthorized access are strongly recommended.
Mitigation Guidance
Administrators should apply the latest security updates from cPanel without delay. Additionally, reviewing server logs for signs of exploitation, rotating administrative credentials, and implementing web application firewalls can reduce risk. Organizations should assume compromise if any indicators of the cPanelSniper exploit are detected.
Source: Cyber Security News
