Severity by source
AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
6DescriptionCVE.org
WebPros Plesk before 18.0.73.5 and 18.0.74 before 18.0.74.2 on Linux allows remote authenticated users to execute arbitrary code as root via domain creation. The attacker needs "Create and manage sites" with "Domains management" and "Subdomains management."
AnalysisAI
A remote code execution vulnerability in WebPros Plesk before 18.0.73.5 and 18.0.74 before 18.0.74.2 on Linux (CVSS 7.8) that allows remote authenticated users. High severity vulnerability requiring prompt remediation.
Technical ContextAI
Vulnerability type: remote code execution. CVSS 7.8 indicates high severity. Affects WebPros Plesk before 18.0.73.5 and 18.0.74 before 18.0.74.2 on Linux.
RemediationAI
Monitor vendor channels for patch availability.
Same weakness CWE-61 – UNIX Symbolic Link (Symlink) Following
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-200986