CISA has alerted the public about a vulnerability in the Control Web Panel (CWP) identified as CVE-2025-48703. This weakness allows for remote code execution and has already been exploited in the wild. Findsec previously indicated the likelihood of such exploitation, noting that threat actors are sharing automated exploits on cybercrime forums. Current data shows approximately 150,000 CWP instances exposed to the internet, with the majority located in the United States, Germany, Japan, India, France, and Canada. Shodan reports over 220,000 instances globally, which raises concerns about opportunistic attacks targeting these systems. CISA has added CVE-2025-48703 to its Known Exploited Vulnerabilities catalog, mandating that federal agencies address the issue by November 25. The agency’s warning follows earlier reports of in-the-wild exploitation of a CWP vulnerability earlier this year. Organizations using CWP should prioritize patching and securing their systems to mitigate the risk of attacks stemming from this vulnerability.