A critical symlink mishandling vulnerability in the LiteSpeed cPanel plugin has been confirmed as exploited in the wild, posing a significant risk to shared hosting security.

The vulnerability involves the improper handling of symlinks by the plugin. An attacker with existing FTP or web shell access on a shared hosting server running CloudLinux/CageFS can exploit this to bypass security constraints.

With a CVSS score of 8.5 (High), this vulnerability represents a severe risk for multi-tenant hosting environments. Exploitation leads to unauthorized file access and potential privilege escalation across isolated user environments, which can result in complete compromise of customer data and service integrity.

Immediate Action: Update the LiteSpeed cPanel plugin to version 2.4.8 or later and the LiteSpeed WHM Plugin to version 5.3.2.0 or later immediately.

Proactive Monitoring: Monitor server logs for unauthorized symlink creation or suspicious access patterns originating from user-level web shells or FTP accounts.

Compensating Controls: Ensure that CloudLinux/CageFS restrictions are fully enabled and properly configured to limit the scope of potential symlink-based attacks.

Public Exploit Available: false

This vulnerability is being actively exploited, making it a top-priority security concern. Organizations utilizing the LiteSpeed cPanel plugin on shared hosting platforms must apply the provided updates immediately to mitigate the risk of data exfiltration and unauthorized escalation.