<?xml version="1.0" encoding="UTF-8"?>
<cvrfdoc xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:cpe="http://cpe.mitre.org/language/2.0" xmlns:cvrf="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/cvrf" xmlns:cvrf-common="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/common" xmlns:cvssv2="http://scap.nist.gov/schema/cvss-v2/1.0" xmlns:cvssv3="https://www.first.org/cvss/cvss-v3.0.xsd" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:ns0="http://purl.org/dc/elements/1.1/" xmlns:prod="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/prod" xmlns:scap-core="http://scap.nist.gov/schema/scap-core/1.0" xmlns:sch="http://purl.oclc.org/dsdl/schematron" xmlns:vuln="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/vuln" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/cvrf">
  <DocumentTitle xml:lang="en">CVE-2025-30206</DocumentTitle>
  <DocumentType>SUSE CVE</DocumentType>
  <DocumentPublisher Type="Vendor">
    <ContactDetails>security@suse.de</ContactDetails>
    <IssuingAuthority>SUSE Security Team</IssuingAuthority>
  </DocumentPublisher>
  <DocumentTracking>
    <Identification>
      <ID>SUSE CVE-2025-30206</ID>
    </Identification>
    <Status>Interim</Status>
    <Version>1</Version>
    <RevisionHistory>
      <Revision>
        <Number>6</Number>
        <Date>2026-03-05T01:10:13Z</Date>
        <Description>current</Description>
      </Revision>
    </RevisionHistory>
    <InitialReleaseDate>2025-04-23T23:13:00Z</InitialReleaseDate>
    <CurrentReleaseDate>2026-03-05T01:10:13Z</CurrentReleaseDate>
    <Generator>
      <Engine>cve-database/bin/generate-cvrf-cve.pl</Engine>
      <Date>2020-12-27T01:00:00Z</Date>
    </Generator>
  </DocumentTracking>
  <DocumentNotes>
    <Note Title="CVE" Type="Summary" Ordinal="1" xml:lang="en">CVE-2025-30206</Note>
    <Note Title="Mitre CVE Description" Type="Description" Ordinal="2" xml:lang="en">Dpanel is a Docker visualization panel system which provides complete Docker management functions. The Dpanel service contains a hardcoded JWT secret in its default configuration, allowing attackers to generate valid JWT tokens and compromise the host machine. This security flaw allows attackers to analyze the source code, discover the embedded secret, and craft legitimate JWT tokens. By forging these tokens, an attacker can successfully bypass authentication mechanisms, impersonate privileged users, and gain unauthorized administrative access. Consequently, this enables full control over the host machine, potentially leading to severe consequences such as sensitive data exposure, unauthorized command execution, privilege escalation, or further lateral movement within the network environment. This issue is patched in version 1.6.1. A workaround for this vulnerability involves replacing the hardcoded secret with a securely generated value and load it from secure configuration storage.</Note>
    <Note Title="Terms of Use" Type="Legal Disclaimer" Ordinal="4" xml:lang="en">The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).</Note>
  </DocumentNotes>
  <DocumentReferences>
    <Reference Type="Self">
      <URL>https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XCF7AZBKQYAQXK32J6F54H6NREFBK2V7/</URL>
      <Description>E-Mail link for openSUSE-SU-2025:15017-1</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/support/security/rating/</URL>
      <Description>SUSE Security Ratings</Description>
    </Reference>
  </DocumentReferences>
  <ProductTree xmlns="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/prod">
    <Branch Type="Product Family" Name="Container suse/sl-micro/6.0/baremetal-os-container:latest">
      <Branch Type="Product Name" Name="Container suse/sl-micro/6.0/baremetal-os-container:latest">
        <FullProductName ProductID="Container suse/sl-micro/6.0/baremetal-os-container:latest">Container suse/sl-micro/6.0/baremetal-os-container:latest</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="Container suse/sl-micro/6.0/base-os-container:latest">
      <Branch Type="Product Name" Name="Container suse/sl-micro/6.0/base-os-container:latest">
        <FullProductName ProductID="Container suse/sl-micro/6.0/base-os-container:latest">Container suse/sl-micro/6.0/base-os-container:latest</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="Container suse/sl-micro/6.0/kvm-os-container:latest">
      <Branch Type="Product Name" Name="Container suse/sl-micro/6.0/kvm-os-container:latest">
        <FullProductName ProductID="Container suse/sl-micro/6.0/kvm-os-container:latest">Container suse/sl-micro/6.0/kvm-os-container:latest</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="Container suse/sl-micro/6.0/rt-os-container:latest">
      <Branch Type="Product Name" Name="Container suse/sl-micro/6.0/rt-os-container:latest">
        <FullProductName ProductID="Container suse/sl-micro/6.0/rt-os-container:latest">Container suse/sl-micro/6.0/rt-os-container:latest</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="Container suse/sl-micro/6.0/toolbox:latest">
      <Branch Type="Product Name" Name="Container suse/sl-micro/6.0/toolbox:latest">
        <FullProductName ProductID="Container suse/sl-micro/6.0/toolbox:latest">Container suse/sl-micro/6.0/toolbox:latest</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="Image SL-Micro">
      <Branch Type="Product Name" Name="Image SL-Micro">
        <FullProductName ProductID="Image SL-Micro">Image SL-Micro</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="Image SLE-Micro">
      <Branch Type="Product Name" Name="Image SLE-Micro">
        <FullProductName ProductID="Image SLE-Micro">Image SLE-Micro</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="Image SLE-Micro-Azure">
      <Branch Type="Product Name" Name="Image SLE-Micro-Azure">
        <FullProductName ProductID="Image SLE-Micro-Azure">Image SLE-Micro-Azure</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="Image SLE-Micro-BYOS">
      <Branch Type="Product Name" Name="Image SLE-Micro-BYOS">
        <FullProductName ProductID="Image SLE-Micro-BYOS">Image SLE-Micro-BYOS</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="Image SLE-Micro-BYOS-Azure">
      <Branch Type="Product Name" Name="Image SLE-Micro-BYOS-Azure">
        <FullProductName ProductID="Image SLE-Micro-BYOS-Azure">Image SLE-Micro-BYOS-Azure</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="Image SLE-Micro-BYOS-EC2">
      <Branch Type="Product Name" Name="Image SLE-Micro-BYOS-EC2">
        <FullProductName ProductID="Image SLE-Micro-BYOS-EC2">Image SLE-Micro-BYOS-EC2</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="Image SLE-Micro-BYOS-GCE">
      <Branch Type="Product Name" Name="Image SLE-Micro-BYOS-GCE">
        <FullProductName ProductID="Image SLE-Micro-BYOS-GCE">Image SLE-Micro-BYOS-GCE</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="Image SLE-Micro-EC2">
      <Branch Type="Product Name" Name="Image SLE-Micro-EC2">
        <FullProductName ProductID="Image SLE-Micro-EC2">Image SLE-Micro-EC2</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="Image SLE-Micro-GCE">
      <Branch Type="Product Name" Name="Image SLE-Micro-GCE">
        <FullProductName ProductID="Image SLE-Micro-GCE">Image SLE-Micro-GCE</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="SUSE Linux Enterprise Server 16.0">
      <Branch Type="Product Name" Name="SUSE Linux Enterprise Server 16.0">
        <FullProductName ProductID="SUSE Linux Enterprise Server 16.0" CPE="cpe:/o:suse:sles:16:16.0:server">SUSE Linux Enterprise Server 16.0</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="openSUSE Tumbleweed">
      <Branch Type="Product Name" Name="openSUSE Tumbleweed">
        <FullProductName ProductID="openSUSE Tumbleweed" CPE="cpe:/o:opensuse:tumbleweed">openSUSE Tumbleweed</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Version" Name="govulncheck-vulndb-0.0.20250422T181640-1.1">
      <FullProductName ProductID="govulncheck-vulndb-0.0.20250422T181640-1.1">govulncheck-vulndb-0.0.20250422T181640-1.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="govulncheck-vulndb-0.0.20250814T182633-160000.1.2">
      <FullProductName ProductID="govulncheck-vulndb-0.0.20250814T182633-160000.1.2">govulncheck-vulndb-0.0.20250814T182633-160000.1.2</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libexpat1-2.7.1-slfo.1.1_3.1">
      <FullProductName ProductID="libexpat1-2.7.1-slfo.1.1_3.1">libexpat1-2.7.1-slfo.1.1_3.1</FullProductName>
    </Branch>
    <Relationship ProductReference="libexpat1-2.7.1-slfo.1.1_3.1" RelationType="Default Component Of" RelatesToProductReference="Container suse/sl-micro/6.0/baremetal-os-container:latest">
      <FullProductName ProductID="Container suse/sl-micro/6.0/baremetal-os-container:latest:libexpat1-2.7.1-slfo.1.1_3.1">libexpat1-2.7.1-slfo.1.1_3.1 as a component of Container suse/sl-micro/6.0/baremetal-os-container:latest</FullProductName>
    </Relationship>
    <Relationship ProductReference="libexpat1-2.7.1-slfo.1.1_3.1" RelationType="Default Component Of" RelatesToProductReference="Container suse/sl-micro/6.0/base-os-container:latest">
      <FullProductName ProductID="Container suse/sl-micro/6.0/base-os-container:latest:libexpat1-2.7.1-slfo.1.1_3.1">libexpat1-2.7.1-slfo.1.1_3.1 as a component of Container suse/sl-micro/6.0/base-os-container:latest</FullProductName>
    </Relationship>
    <Relationship ProductReference="libexpat1-2.7.1-slfo.1.1_3.1" RelationType="Default Component Of" RelatesToProductReference="Container suse/sl-micro/6.0/kvm-os-container:latest">
      <FullProductName ProductID="Container suse/sl-micro/6.0/kvm-os-container:latest:libexpat1-2.7.1-slfo.1.1_3.1">libexpat1-2.7.1-slfo.1.1_3.1 as a component of Container suse/sl-micro/6.0/kvm-os-container:latest</FullProductName>
    </Relationship>
    <Relationship ProductReference="libexpat1-2.7.1-slfo.1.1_3.1" RelationType="Default Component Of" RelatesToProductReference="Container suse/sl-micro/6.0/rt-os-container:latest">
      <FullProductName ProductID="Container suse/sl-micro/6.0/rt-os-container:latest:libexpat1-2.7.1-slfo.1.1_3.1">libexpat1-2.7.1-slfo.1.1_3.1 as a component of Container suse/sl-micro/6.0/rt-os-container:latest</FullProductName>
    </Relationship>
    <Relationship ProductReference="libexpat1-2.7.1-slfo.1.1_3.1" RelationType="Default Component Of" RelatesToProductReference="Container suse/sl-micro/6.0/toolbox:latest">
      <FullProductName ProductID="Container suse/sl-micro/6.0/toolbox:latest:libexpat1-2.7.1-slfo.1.1_3.1">libexpat1-2.7.1-slfo.1.1_3.1 as a component of Container suse/sl-micro/6.0/toolbox:latest</FullProductName>
    </Relationship>
    <Relationship ProductReference="libexpat1-2.7.1-slfo.1.1_3.1" RelationType="Default Component Of" RelatesToProductReference="Image SL-Micro">
      <FullProductName ProductID="Image SL-Micro:libexpat1-2.7.1-slfo.1.1_3.1">libexpat1-2.7.1-slfo.1.1_3.1 as a component of Image SL-Micro</FullProductName>
    </Relationship>
    <Relationship ProductReference="libexpat1-2.7.1-slfo.1.1_3.1" RelationType="Default Component Of" RelatesToProductReference="Image SLE-Micro">
      <FullProductName ProductID="Image SLE-Micro:libexpat1-2.7.1-slfo.1.1_3.1">libexpat1-2.7.1-slfo.1.1_3.1 as a component of Image SLE-Micro</FullProductName>
    </Relationship>
    <Relationship ProductReference="libexpat1-2.7.1-slfo.1.1_3.1" RelationType="Default Component Of" RelatesToProductReference="Image SLE-Micro-Azure">
      <FullProductName ProductID="Image SLE-Micro-Azure:libexpat1-2.7.1-slfo.1.1_3.1">libexpat1-2.7.1-slfo.1.1_3.1 as a component of Image SLE-Micro-Azure</FullProductName>
    </Relationship>
    <Relationship ProductReference="libexpat1-2.7.1-slfo.1.1_3.1" RelationType="Default Component Of" RelatesToProductReference="Image SLE-Micro-BYOS">
      <FullProductName ProductID="Image SLE-Micro-BYOS:libexpat1-2.7.1-slfo.1.1_3.1">libexpat1-2.7.1-slfo.1.1_3.1 as a component of Image SLE-Micro-BYOS</FullProductName>
    </Relationship>
    <Relationship ProductReference="libexpat1-2.7.1-slfo.1.1_3.1" RelationType="Default Component Of" RelatesToProductReference="Image SLE-Micro-BYOS-Azure">
      <FullProductName ProductID="Image SLE-Micro-BYOS-Azure:libexpat1-2.7.1-slfo.1.1_3.1">libexpat1-2.7.1-slfo.1.1_3.1 as a component of Image SLE-Micro-BYOS-Azure</FullProductName>
    </Relationship>
    <Relationship ProductReference="libexpat1-2.7.1-slfo.1.1_3.1" RelationType="Default Component Of" RelatesToProductReference="Image SLE-Micro-BYOS-EC2">
      <FullProductName ProductID="Image SLE-Micro-BYOS-EC2:libexpat1-2.7.1-slfo.1.1_3.1">libexpat1-2.7.1-slfo.1.1_3.1 as a component of Image SLE-Micro-BYOS-EC2</FullProductName>
    </Relationship>
    <Relationship ProductReference="libexpat1-2.7.1-slfo.1.1_3.1" RelationType="Default Component Of" RelatesToProductReference="Image SLE-Micro-BYOS-GCE">
      <FullProductName ProductID="Image SLE-Micro-BYOS-GCE:libexpat1-2.7.1-slfo.1.1_3.1">libexpat1-2.7.1-slfo.1.1_3.1 as a component of Image SLE-Micro-BYOS-GCE</FullProductName>
    </Relationship>
    <Relationship ProductReference="libexpat1-2.7.1-slfo.1.1_3.1" RelationType="Default Component Of" RelatesToProductReference="Image SLE-Micro-EC2">
      <FullProductName ProductID="Image SLE-Micro-EC2:libexpat1-2.7.1-slfo.1.1_3.1">libexpat1-2.7.1-slfo.1.1_3.1 as a component of Image SLE-Micro-EC2</FullProductName>
    </Relationship>
    <Relationship ProductReference="libexpat1-2.7.1-slfo.1.1_3.1" RelationType="Default Component Of" RelatesToProductReference="Image SLE-Micro-GCE">
      <FullProductName ProductID="Image SLE-Micro-GCE:libexpat1-2.7.1-slfo.1.1_3.1">libexpat1-2.7.1-slfo.1.1_3.1 as a component of Image SLE-Micro-GCE</FullProductName>
    </Relationship>
    <Relationship ProductReference="govulncheck-vulndb-0.0.20250814T182633-160000.1.2" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise Server 16.0">
      <FullProductName ProductID="SUSE Linux Enterprise Server 16.0:govulncheck-vulndb-0.0.20250814T182633-160000.1.2">govulncheck-vulndb-0.0.20250814T182633-160000.1.2 as a component of SUSE Linux Enterprise Server 16.0</FullProductName>
    </Relationship>
    <Relationship ProductReference="govulncheck-vulndb-0.0.20250422T181640-1.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Tumbleweed">
      <FullProductName ProductID="openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250422T181640-1.1">govulncheck-vulndb-0.0.20250422T181640-1.1 as a component of openSUSE Tumbleweed</FullProductName>
    </Relationship>
  </ProductTree>
  <Vulnerability xmlns="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/vuln" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Dpanel is a Docker visualization panel system which provides complete Docker management functions. The Dpanel service contains a hardcoded JWT secret in its default configuration, allowing attackers to generate valid JWT tokens and compromise the host machine. This security flaw allows attackers to analyze the source code, discover the embedded secret, and craft legitimate JWT tokens. By forging these tokens, an attacker can successfully bypass authentication mechanisms, impersonate privileged users, and gain unauthorized administrative access. Consequently, this enables full control over the host machine, potentially leading to severe consequences such as sensitive data exposure, unauthorized command execution, privilege escalation, or further lateral movement within the network environment. This issue is patched in version 1.6.1. A workaround for this vulnerability involves replacing the hardcoded secret with a securely generated value and load it from secure configuration storage.</Note>
    </Notes>
    <CVE>CVE-2025-30206</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Container suse/sl-micro/6.0/baremetal-os-container:latest:libexpat1-2.7.1-slfo.1.1_3.1</ProductID>
        <ProductID>Container suse/sl-micro/6.0/base-os-container:latest:libexpat1-2.7.1-slfo.1.1_3.1</ProductID>
        <ProductID>Container suse/sl-micro/6.0/kvm-os-container:latest:libexpat1-2.7.1-slfo.1.1_3.1</ProductID>
        <ProductID>Container suse/sl-micro/6.0/rt-os-container:latest:libexpat1-2.7.1-slfo.1.1_3.1</ProductID>
        <ProductID>Container suse/sl-micro/6.0/toolbox:latest:libexpat1-2.7.1-slfo.1.1_3.1</ProductID>
        <ProductID>Image SL-Micro:libexpat1-2.7.1-slfo.1.1_3.1</ProductID>
        <ProductID>Image SLE-Micro:libexpat1-2.7.1-slfo.1.1_3.1</ProductID>
        <ProductID>Image SLE-Micro-Azure:libexpat1-2.7.1-slfo.1.1_3.1</ProductID>
        <ProductID>Image SLE-Micro-BYOS:libexpat1-2.7.1-slfo.1.1_3.1</ProductID>
        <ProductID>Image SLE-Micro-BYOS-Azure:libexpat1-2.7.1-slfo.1.1_3.1</ProductID>
        <ProductID>Image SLE-Micro-BYOS-EC2:libexpat1-2.7.1-slfo.1.1_3.1</ProductID>
        <ProductID>Image SLE-Micro-BYOS-GCE:libexpat1-2.7.1-slfo.1.1_3.1</ProductID>
        <ProductID>Image SLE-Micro-EC2:libexpat1-2.7.1-slfo.1.1_3.1</ProductID>
        <ProductID>Image SLE-Micro-GCE:libexpat1-2.7.1-slfo.1.1_3.1</ProductID>
        <ProductID>SUSE Linux Enterprise Server 16.0:govulncheck-vulndb-0.0.20250814T182633-160000.1.2</ProductID>
        <ProductID>openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250422T181640-1.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>critical</Description>
      </Threat>
    </Threats>
  </Vulnerability>
</cvrfdoc>
