CVE-2024-51567: Remote Code Execution Vulnerability in CyberPanel

Author: Nethanel Gelernter, Co-Founder and CTO

Published: October 29, 2024

What is CVE-2024-51567?

CVE-2024-51567 is a remote code execution (RCE) vulnerability affecting CyberPanel, a popular open-source control panel for Linux servers. The flaw allows attackers to execute arbitrary code on affected systems without authentication, exposing organizations to critical risk.

  • Exploit status: Public exploit available; actively exploited in the wild.
  • Current patch status: Patch released but not yet in main release; users must manually update.
  • Reference: NIST CVE-2024-51567

Who is Impacted?

If you run CyberPanel version 2.3.6 or earlier, your servers may be vulnerable. The maintainers have released a patch, but it is not yet part of the main release. Immediate action is recommended.

Remediation Steps

  1. Upgrade to the latest patched version from the CyberPanel GitHub repository.
  2. Monitor for suspicious activity and review server logs.
  3. Use IONIX to automatically discover and inventory impacted assets.

How IONIX Helps You Respond to CyberPanel Vulnerabilities

  • Complete Asset Discovery: IONIX's ML-based Connective Intelligence finds all exposed CyberPanel instances, including shadow IT and unmanaged assets.
  • Risk Prioritization: Threat Exposure Radar ranks vulnerabilities like CVE-2024-51567 by severity and business context, so you focus on what matters.
  • Streamlined Remediation: IONIX provides actionable steps and integrates with ticketing (Jira, ServiceNow) and SIEM/SOAR tools for rapid response.
  • Continuous Monitoring: IONIX tracks your attack surface as it changes, alerting you to new exposures and validating remediation.

Real Customer Success: E.ON used IONIX to continuously discover and remediate internet-facing vulnerabilities, improving risk management and operational efficiency.

Why Choose IONIX for Vulnerability Management?

  • Better Discovery: Finds more assets with fewer false positives than competitors.
  • Focused Threat Exposure: Prioritizes the most urgent vulnerabilities for remediation.
  • Comprehensive Coverage: Maps digital supply chains and external web footprint to the nth degree.
  • Fast Deployment: Initial setup takes about a week, requiring minimal resources.
  • Dedicated Support: Customers receive a dedicated account manager and access to onboarding resources.

Frequently Asked Questions

How does IONIX identify CyberPanel vulnerabilities?

IONIX automatically scans your external assets and flags vulnerable CyberPanel instances in the Threat Center, enabling rapid identification and remediation.

What integrations does IONIX support for vulnerability management?

IONIX integrates with Jira, ServiceNow, Splunk, Microsoft Sentinel, Palo Alto Cortex/Demisto, and AWS services for streamlined remediation workflows.

How quickly can IONIX be deployed to address urgent vulnerabilities?

IONIX can be deployed in about a week, with onboarding resources and a dedicated support team to ensure immediate time-to-value.

What support does IONIX offer for vulnerability remediation?

IONIX provides technical support, maintenance, and a dedicated account manager to assist with troubleshooting, upgrades, and ongoing risk management.

IONIX Tracks CyberPanel Remote Code Execution (CVE-2024-51567) – See if You’re Impacted

What is CyberPanel?

CyberPanel is a free and open-source control panel for Linux servers, designed to simplify web hosting and server management tasks.

CyberPanel RCE

A recently discovered vulnerability in CyberPanel allows easy remote code execution on affected machines. It is known to be exploited in the wild, and an exploit is publicly available. According to an article on DreyAnd’s Web Security Blog, “This led to a 0-click pre-auth root RCE on the latest version (2.3.6 as of now). It’s currently still “unpatched”, as in, the maintainers have been notified, a patch has been done but still waiting for the CVE & for the fix to make it to the main release.”

See the NIST database entry for CVE-2024-51567.

We recommend upgrading to the latest version available on GitHub (the patch is listed in the references). IONIX customers will find impacted assets identified in the Threat Center of the IONIX portal.

From the CyberPanel website:
“Recently, two security experts contacted us about a code-level vulnerability in CyberPanel. Specifically, we missed a condition in the code that could expose certain server details valuable to hackers.

NOTE: We’re not sharing the exact location of the vulnerability to avoid exposing servers that still need updating.

When the experts informed us about the issue, we immediately reviewed their findings and released a security patch within 30 minutes. If the experts are reading this, they know how swiftly we acted. They later advised us to announce this issue publicly, but we requested to hold off to allow users time to update for security reasons. Though we didn’t initially announce it, a routine update included the security patch.

Unfortunately, the information was revealed on a third-party site, leading to concerns among our users.”

References

  • “What Are My OPTIONS? CyberPanel v2.3.6 pre-auth RCE”, DreyAnd’s Web Security Blog, where the vulnerability was identified.
  • NIST database article
  • GitHub patch
  • CyberPanel blog, with additional information on the exposure.
