Vulnerability in Pterodactyl Panel
CVE-2025-68954
Pterodactyl is a free, open-source game server management panel. Versions 1.11.11 and below do not revoke active SFTP connections when a user is removed from a server instance or has their permissions changed with respect to file access ov…
EPSS: 0.000 (1.5th percentile)
Affected products
- Pterodactyl Panel — versions < 1.12.0
Weakness classification (CWE)
References
- https://github.com/pterodactyl/panel/security/advisories/GHSA-8c39-xppg-479c (x_refsource_CONFIRM)
- https://github.com/pterodactyl/panel/commit/2bd9d8baddb0e0606e4a9d5be402f48678ac88d5 (x_refsource_MISC)
- https://github.com/pterodactyl/panel/releases/tag/v1.12.0 (x_refsource_MISC)