If you are an IT support guy or a developer you are definitely known of web server management software cPanel and WHM — cPanel is a web hosting control panel that lets website owners manage their servers easily through a graphical interface, while WHM (Web Host Manager) gives hosting providers backend control over multiple accounts — which allow you to work on the backend of the server to make changes easily on the server, and that got affected by a bug that will allow exploiters to make changes on the server. This vulnerability is tracked as CVE-2025-43441, which you can look up for full technical details.
Credits: Bleeping Computer
As of Monday, more than 550,000 vulnerable servers are running on cPanel — this figure represents vulnerable servers globally according to internet-wide scans — and now around 2,000 cPanel servers instantly compromised. To clarify, the 44,000 figure was the initially reported number of at-risk servers when the vulnerability was first disclosed, and that number has now narrowed down to around 2,000 confirmed compromised servers. This was published by the cyber underdog named ShadowServer, a non-profit organization that scans and monitors cyber attacks. You can verify this data directly from their official reporting at shadowserver.org
And also most of the affected websites have been indexed on Google, that group of hackers claimed to have encrypted the victims’ files and it appears to be a ransomware attack. To understand the real impact — when ransomware hits a server, the website owner loses access to all their files, the website goes completely offline, and the attackers demand a ransom payment in cryptocurrency to restore access. This means real businesses losing real money every hour they are down.
If you are on shared hosting, you may also be at risk if your hosting provider runs cPanel on their servers — contact your host and ask them directly whether they have patched the vulnerability.
If you have cPanel installed and have not received a security notification yet, do not wait. Check your cPanel version immediately and apply the latest available security patch from the official cPanel update manager.
