CVE-2025-68954: CWE-613: Insufficient Session Expiration in pterodactyl panel
Pterodactyl is a free, open-source game server management panel. Versions 1.11.11 and below do not revoke active SFTP connections when a user is removed from a server instance or has their permissions changed with respect to file access over SFTP. This allows a user that was already connected to SFTP to remain connected and access files even after their permissions are revoked. A user must have been connected to SFTP at the time of their permissions being revoked in order for this vulnerability to be exploited. This issue is fixed in version 1.12.0.
AI Analysis
Technical Summary
CVE-2025-68954 is a vulnerability classified under CWE-613 (Insufficient Session Expiration) affecting the Pterodactyl game server management panel, specifically versions prior to 1.12.0. The vulnerability arises because the system fails to revoke active SFTP connections when a user's permissions are changed or when the user is removed from a server instance. This means that if a user is connected via SFTP at the time their permissions are revoked, their session remains active and they retain access to files they should no longer be able to access. This flaw undermines the access control mechanisms by allowing continued unauthorized access, violating confidentiality and integrity principles. The vulnerability requires that the user already has an active SFTP session at the time of permission revocation, and the attacker must have at least high privileges to initiate the permission changes (as indicated by the CVSS vector requiring privileges). The vulnerability does not require user interaction and can be exploited remotely over the network. The CVSS 4.0 score of 7.5 reflects a high severity due to the potential for unauthorized data access and the ease of exploitation once conditions are met. The issue is fixed in Pterodactyl panel version 1.12.0, which properly terminates or revokes active SFTP sessions upon permission changes. No known exploits have been reported in the wild, but the vulnerability poses a significant risk to organizations relying on Pterodactyl for game server management, especially those managing sensitive or proprietary game data.
Potential Impact
For European organizations, the impact of CVE-2025-68954 can be substantial, particularly for those operating game servers or hosting services using Pterodactyl panel versions below 1.12.0. Unauthorized continued access to files via persistent SFTP sessions after permission revocation can lead to data leakage, intellectual property theft, or unauthorized modification of game server files. This compromises confidentiality and integrity of data and may disrupt service availability if malicious actors alter critical files. The vulnerability could also facilitate lateral movement within networks if attackers leverage persistent access to escalate privileges or pivot to other systems. Given the popularity of game hosting in Europe and the use of open-source management tools, organizations in sectors such as gaming, digital entertainment, and cloud hosting are at heightened risk. The requirement for an active session at the time of permission change somewhat limits the attack window but does not eliminate risk, especially in environments with frequent permission updates or user removals. The absence of known exploits in the wild suggests a window for proactive mitigation before widespread exploitation occurs.
Mitigation Recommendations
1. Upgrade all Pterodactyl panel installations to version 1.12.0 or later immediately to ensure the vulnerability is patched.
2. Implement monitoring and auditing of active SFTP sessions to detect and terminate stale or unauthorized connections promptly.
3. Enforce strict session management policies that include automatic session expiration and forced logout upon permission changes or user removals.
4. Use network segmentation to limit the impact of compromised SFTP sessions and restrict access to critical file systems.
5. Regularly review user permissions and access logs to identify anomalies or unauthorized access attempts.
6. Educate administrators on the importance of terminating active sessions when modifying user permissions.
7. Consider deploying additional access control mechanisms such as multi-factor authentication for administrative actions that alter permissions.
8. If immediate upgrade is not feasible, implement manual session termination procedures upon permission changes as a temporary workaround.
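The defect described in the Technical Summary, and the session-termination and session-audit steps in recommendations 2 and 3, come down to one design question: what happens to an already-authenticated SFTP session when the permission table it was authorized against changes. The following Go model is an added example and is not Pterodactyl code (the project's SFTP daemon is written in Go, but the `Registry`, `Session`, `Perm` bitmask and all names here are constructed for illustration). With `Hardened=false` it reproduces the pre-1.12.0 behaviour: a session keeps the rights it loaded at login and survives the user's removal. With `Hardened=true` every open session for the affected user/server pair is terminated on any permission change, and `Audit` shows how a monitoring job can find sessions whose login-time rights no longer match the current table.

```go
package main

import (
	"errors"
	"fmt"
	"sync"
)

// Perm is a bitmask of SFTP file rights (constructed stand-in for the panel's named permissions).
type Perm uint8
const (
	PermRead Perm = 1 << iota
	PermWrite
)
var ErrSessionClosed = errors.New("sftp session terminated: permissions changed")
var ErrNotPermitted = errors.New("operation not permitted")
// Session is one live SFTP connection; it checks operations against the rights loaded at login.
type Session struct {
	perms  Perm
	closed bool
	reg    *Registry
}
// Registry holds the permission table and open sessions; Hardened=false models pre-1.12.0 behaviour.
type Registry struct {
	Hardened bool
	mu       sync.Mutex
	perms    map[string]Perm
	sessions map[string][]*Session
}
func NewRegistry(hardened bool) *Registry {
	return &Registry{Hardened: hardened, perms: map[string]Perm{}, sessions: map[string][]*Session{}}
}
func key(user, server string) string { return user + "|" + server }

// SetPermissions replaces a user's rights on a server (0 removes the user) and
// returns how many live sessions it terminated.
func (r *Registry) SetPermissions(user, server string, p Perm) int {
	r.mu.Lock()
	defer r.mu.Unlock()
	k := key(user, server)
	r.perms[k] = p
	if !r.Hardened {
		return 0 // vulnerable: open sessions keep their stale rights
	}
	n := len(r.sessions[k])
	for _, s := range r.sessions[k] {
		s.closed = true
	}
	delete(r.sessions, k)
	return n
}

// Connect opens a session if the user currently holds any right on the server.
func (r *Registry) Connect(user, server string) (*Session, error) {
	r.mu.Lock()
	defer r.mu.Unlock()
	k := key(user, server)
	if r.perms[k] == 0 {
		return nil, ErrNotPermitted
	}
	s := &Session{perms: r.perms[k], reg: r}
	r.sessions[k] = append(r.sessions[k], s)
	return s, nil
}

// Do authorizes one file operation (PermRead or PermWrite) on the session.
func (s *Session) Do(need Perm) error {
	s.reg.mu.Lock()
	defer s.reg.mu.Unlock()
	if s.closed {
		return ErrSessionClosed
	}
	if s.perms&need == 0 {
		return ErrNotPermitted
	}
	return nil
}

// Audit lists open sessions whose login-time rights differ from the current table.
func (r *Registry) Audit() []*Session {
	r.mu.Lock()
	defer r.mu.Unlock()
	var stale []*Session
	for k, list := range r.sessions {
		for _, s := range list {
			if !s.closed && s.perms != r.perms[k] {
				stale = append(stale, s)
			}
		}
	}
	return stale
}

func main() {
	r := NewRegistry(false) // pre-1.12.0 behaviour; pass true for the fixed one
	r.SetPermissions("alice", "srv-1", PermRead|PermWrite)
	s, _ := r.Connect("alice", "srv-1")
	r.SetPermissions("alice", "srv-1", 0) // alice removed from the server
	fmt.Println("read after removal:", s.Do(PermRead), "stale sessions:", len(r.Audit()))
}
```

Two points carry over to a real deployment. First, terminating on every change (not only on removal) is the simpler and safer rule: a downgrade from read/write to read-only is also a revocation, and re-connecting with the new rights costs the user nothing. Second, the `Audit` comparison is what recommendation 2 amounts to in practice: the connection table of the SFTP daemon is joined against the panel's current permission table, and any session with stale rights is force-closed.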
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Poland, Italy
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-12-26T21:39:55.482Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 695c5ce23839e44175a692bb
Added to database: 1/6/2026, 12:52:50 AM
Last enriched: 1/6/2026, 1:07:20 AM
Last updated: 1/8/2026, 10:18:33 AM