It seems the default installation settings are used for MariaDB, including anonymous user access, remote IP access and a "test" database. That's fine for initial test deployment, but really bad for production.
MariaDB included a security script to address the issues called [mysql_secure_installation].
But CyberPanel doesn't run this script during the install process, and this can lead to very vulnerable servers. Yes, no, maybe?