Access Control Flaw in Plesk 18.0 Leading to Root-Level Access
CVE-2025-66430

9.1 CRITICAL

Key Information:

Vendor: Plesk
Status: Vendor
CVE Published: 12 December 2025

Badges

Score: 334 | Exploit Exists | News Worthy

What is CVE-2025-66430?

CVE-2025-66430 is a security vulnerability in Plesk 18.0, a widely used web hosting control panel through which administrators and hosting customers manage websites, applications and servers. It is classed as an access control flaw in the password-protected directories feature. According to the news coverage summarised below, the flaw lets a Plesk user inject data into the Apache settings that Plesk generates for such a directory, and from there obtain root-level access to the server. Root-level access means complete control of the host: server configuration can be altered, data belonging to every site hosted on the machine can be read, and services can be disrupted. Note that the CVSS 3.1 vector recorded on this page lists Privileges Required: None, whereas the coverage describes the attacker as an existing Plesk user; the conservative reading for defenders is that an ordinary hosting customer account is enough. The flaw underscores the need for strict validation of any user-controlled value that a control panel writes into privileged server configuration.

Potential impact of CVE-2025-66430

  1. Unauthorized Access and Control: The primary risk of CVE-2025-66430 is that it can permit unauthorized users to obtain root-level access to Plesk servers, resulting in the ability to execute any command or alter configurations, leading to total system compromise.

  2. Data Breaches: With root-level access, malicious actors could exfiltrate sensitive data from the server, including personally identifiable information (PII), credentials, and customer data, resulting in severe privacy violations and legal repercussions for affected organizations.

  3. Service Disruption: With control over server and application configuration, an attacker can take hosted websites and applications offline, causing outages that disrupt business operations and erode customer trust.


News Articles

Critical Plesk Vulnerability Allows Plesk Users to Gain Root-Level Access

A serious vulnerability discovered in Plesk for Linux lets users inject data into Apache settings and gain root-level access.
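The news summary above describes the flaw as user data being injected into Apache settings. The following Python is an added illustration of that general bug class and is not Plesk's code, nor a reproduction of the actual CVE-2025-66430 bug or exploit: a control panel renders a customer-supplied directory path and realm title into an Apache <Directory> block without validating them, shown beside a hardened version and a small check that detects directives the template never emits. The template, field names, allow-list regexes and the injected title are all constructed for this example.

```python
import re

# Constructed for this example: the shape of an Apache snippet a hosting panel
# might write for a password-protected directory. Not Plesk's real template.
TEMPLATE = (
    '<Directory "{docroot}/{path}">\n'
    '    AuthType Basic\n'
    '    AuthName "{title}"\n'
    '    AuthUserFile "{passwd_file}"\n'
    '    Require valid-user\n'
    '</Directory>\n'
)

# Directives the generated block is supposed to contain, and nothing else.
EXPECTED_DIRECTIVES = {
    "<Directory", "</Directory>", "AuthType", "AuthName", "AuthUserFile", "Require",
}

# Constructed payload: a realm title that closes the AuthName quote, injects a
# directive on its own line, then reopens a quote so the block still parses.
# "Include" is used only to show that arbitrary directives land in the file;
# what an injected directive achieves depends on where the config is loaded.
INJECTED_TITLE = 'Staff"\n    Include /tmp/attacker.conf\n    AuthName "Staff'


class ConfigInjectionError(ValueError):
    """Raised when a user-supplied value would alter the generated config."""


def render_unsafe(docroot: str, path: str, title: str, passwd_file: str) -> str:
    """Vulnerable pattern: interpolate user input straight into the config."""
    return TEMPLATE.format(docroot=docroot, path=path, title=title,
                           passwd_file=passwd_file)


_PATH_RE = re.compile(r"[A-Za-z0-9._/-]+")        # no whitespace, quotes, newlines
_TITLE_RE = re.compile(r"[A-Za-z0-9 ._-]{1,64}")  # printable, no quotes or newlines


def render_safe(docroot: str, path: str, title: str, passwd_file: str) -> str:
    """Hardened pattern: allow-list every user-controlled field before rendering.

    docroot and passwd_file are assumed to be panel-controlled, not user input.
    """
    if (not _PATH_RE.fullmatch(path) or ".." in path.split("/")
            or path.startswith("/")):
        raise ConfigInjectionError(f"rejected directory path: {path!r}")
    if not _TITLE_RE.fullmatch(title):
        raise ConfigInjectionError(f"rejected realm title: {title!r}")
    return TEMPLATE.format(docroot=docroot, path=path, title=title,
                           passwd_file=passwd_file)


def rejected(docroot: str, path: str, title: str, passwd_file: str) -> bool:
    """True if the hardened renderer refuses the given input."""
    try:
        render_safe(docroot, path, title, passwd_file)
    except ConfigInjectionError:
        return True
    return False


def directives(config: str) -> list[str]:
    """First token of every non-empty, non-comment line of an Apache snippet."""
    out = []
    for line in config.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            out.append(line.split()[0])
    return out


def unexpected_directives(config: str) -> list[str]:
    """Directives in the rendered block that the template never emits.

    A non-empty result is the detection signal: user input changed the config.
    """
    return [d for d in directives(config) if d not in EXPECTED_DIRECTIVES]


if __name__ == "__main__":
    docroot = "/var/www/vhosts/example.com/httpdocs"   # constructed path
    passwd = "/etc/example.com.passwd"                  # constructed path
    print(unexpected_directives(render_unsafe(docroot, "private", INJECTED_TITLE, passwd)))
    print(rejected(docroot, "private", INJECTED_TITLE, passwd))
    print(rejected(docroot, "../../etc/apache2", "Staff only", passwd))
```

The allow-list approach is deliberate: escaping quotes inside an Apache string is fragile across directives, whereas refusing anything outside a small character set cannot be bypassed by a second encoding trick. The unexpected_directives check is the kind of post-render assertion worth keeping in a panel even after input validation, since it catches any future field that someone forgets to validate.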

CVSS V3.1

Score: 9.1
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Caveat: the metric values listed here correspond to the vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, which computes to a base score of 9.8, not 9.1. Either the score or one of the metrics as recorded on this page is inconsistent, so confirm the vector against the NVD entry or the vendor advisory before using it for prioritisation.

Timeline

  • Exploit known to exist
  • First article discovered by CybersecurityNews
  • Vulnerability published
  • Vulnerability Reserved
