Path Traversal in Donknap Dpanel
CVE-2025-53363
dpanel is an open source server management panel written in Go. In versions 1.2.0 through 1.7.2, dpanel allows authenticated users to read arbitrary files from the server via the /api/app/compose/get-from-uri API endpoint. The vulnerabilit…
Vulnerability class: Path Traversal (Directory Traversal)
EPSS: 0.002 (36.0th percentile)
Affected products
- Donknap Dpanel — versions >= 1.2.0, <= 1.7.2
Weakness classification (CWE)
References
- https://github.com/donknap/dpanel/security/advisories/GHSA-gcqf-pxgg-gw8q (x_refsource_CONFIRM)