Skip to main content

WebPros Plesk CVE-2025-66431

| EUVDEUVD-2025-200986 HIGH
UNIX Symbolic Link (Symlink) Following (CWE-61)
2025-12-03 cve@mitre.org
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

6
Analysis Updated
Apr 16, 2026 - 06:24 EUVD-patch-fix
executive_summary
Re-analysis Queued
Apr 16, 2026 - 05:29 backfill_euvd_patch
patch_released
Patch available
Apr 16, 2026 - 05:29 EUVD
18.0.73.5,18.0.74.2
EUVD ID Assigned
Mar 15, 2026 - 16:14 euvd
EUVD-2025-200986
Analysis Generated
Mar 15, 2026 - 16:14 vuln.today
CVE Published
Dec 03, 2025 - 17:15 nvd
HIGH 7.8

DescriptionCVE.org

WebPros Plesk before 18.0.73.5 and 18.0.74 before 18.0.74.2 on Linux allows remote authenticated users to execute arbitrary code as root via domain creation. The attacker needs "Create and manage sites" with "Domains management" and "Subdomains management."

AnalysisAI

A remote code execution vulnerability in WebPros Plesk before 18.0.73.5 and 18.0.74 before 18.0.74.2 on Linux (CVSS 7.8) that allows remote authenticated users. High severity vulnerability requiring prompt remediation.

Technical ContextAI

Vulnerability type: remote code execution. CVSS 7.8 indicates high severity. Affects WebPros Plesk before 18.0.73.5 and 18.0.74 before 18.0.74.2 on Linux.

RemediationAI

Monitor vendor channels for patch availability.

Share

CVE-2025-66431 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy