Security Advisory — CVE-2025-12914

Dear Customer:

https://nvd.nist.gov/vuln/detail/CVE-2025-12914

NVD has publicly disclosed a security vulnerability, CVE-2025-12914, in aaPanel (BT Panel). The vulnerability exists in /database?action=GetDatabaseAccess and can be exploited remotely for SQL injection attacks; the risk is extremely high.

📌 Risk Description

Attackers can remotely trigger SQL injection, which may lead to database reading, tampering, or system compromise. An exploit for the vulnerability has been publicly disclosed. The vendor has not yet responded to the vulnerability notification.

📌 Affected Versions

aaPanel / BT Panel version 11.1.0 and earlier

📌 Recommended Actions for Customers to Take Immediately

– Update to the latest version (if an official patch has been released)

– Disable direct external access to the panel port (e.g., 8888)

– Set a strong password and enable two-step verification

– Check for abnormal logins or database access
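
For the last item, one way to review a web access log for requests to the affected endpoint, grouped by client IP (an added example, not code from aaPanel or from this advisory's author). It assumes a combined-log-style line format; the sample lines, the admin network and the function names are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict
from urllib.parse import parse_qs, unquote, urlsplit

# Assumed combined-log-style line: client IP, [timestamp], "request line", status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Constructed sample lines (documentation-range IPs), not real panel logs.
SAMPLE = [
    '198.51.100.20 - - [10/Nov/2025:09:01:12 +0000] "POST /database?action=GetDatabaseAccess HTTP/1.1" 200 85',
    '203.0.113.7 - - [10/Nov/2025:09:14:40 +0000] "POST /database?action=GetDatabaseAccess HTTP/1.1" 200 412',
    '203.0.113.7 - - [10/Nov/2025:09:14:41 +0000] "POST /database?action=getdatabaseaccess HTTP/1.1" 500 97',
    '203.0.113.7 - - [10/Nov/2025:09:15:02 +0000] "GET /login HTTP/1.1" 200 1033',
    '198.51.100.20 - - [10/Nov/2025:09:20:00 +0000] "POST /database?action=SomethingElse HTTP/1.1" 200 640',
]

def hits_endpoint(target):
    """True if the request target is /database?action=GetDatabaseAccess."""
    parts = urlsplit(target)
    # Decode and normalise so encoded or differently-cased requests still match.
    path = unquote(parts.path).rstrip("/").lower()
    actions = parse_qs(parts.query).get("action", [])
    return path == "/database" and any(a.lower() == "getdatabaseaccess" for a in actions)

def triage(lines, admin_nets):
    """Group requests to the endpoint by client IP; mark IPs outside admin_nets."""
    nets = [ipaddress.ip_network(n) for n in admin_nets]
    found = defaultdict(lambda: {"count": 0, "statuses": set(), "first": None})
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not hits_endpoint(m["target"]):
            continue
        entry = found[m["ip"]]
        entry["count"] += 1
        entry["statuses"].add(int(m["status"]))
        entry["first"] = entry["first"] or m["ts"]
    for ip, entry in found.items():
        try:
            addr = ipaddress.ip_address(ip)
            entry["external"] = not any(addr in n for n in nets)
        except ValueError:
            entry["external"] = True  # unparsable client field: treat as unknown source
    return dict(found)

if __name__ == "__main__":
    for ip, entry in triage(SAMPLE, ["198.51.100.0/24"]).items():
        print(ip, entry)
```

Entries marked external, or showing a burst of requests with mixed status codes, are the ones to compare against panel login records and database audit logs.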
