CVE-2025-66431 | EUVD-2025-200986 | HIGH

2025-12-03 [email protected]
CVSS 3.1: 7.8

CVSS Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

EUVD ID Assigned: Mar 15, 2026 - 16:14 (euvd), EUVD-2025-200986
Analysis Generated: Mar 15, 2026 - 16:14 (vuln.today)
CVE Published: Dec 03, 2025 - 17:15 (nvd), HIGH 7.8

Description

WebPros Plesk before 18.0.73.5 and 18.0.74 before 18.0.74.2 on Linux allows remote authenticated users to execute arbitrary code as root via domain creation. The attacker needs "Create and manage sites" with "Domains management" and "Subdomains management."

Analysis

WebPros Plesk before 18.0.73.5 and 18.0.74 before 18.0.74.2 on Linux contains a remote code execution vulnerability (CVSS 7.8) that allows remote authenticated users to execute arbitrary code as root via domain creation. This high-severity vulnerability requires prompt remediation.

Technical Context

Vulnerability type: remote code execution. CVSS 7.8 indicates high severity. Affects WebPros Plesk before 18.0.73.5 and 18.0.74 before 18.0.74.2 on Linux.

Affected Products

WebPros Plesk before 18.0.73.5 and 18.0.74 before 18.0.74.2 on Linux

Remediation

Monitor vendor channels for patch availability.

Priority Score

39
KEV: 0
EPSS: +0.1
CVSS: +39
POC: 0
