CVE-2025-54336 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

In Plesk Obsidian 18.0.70, _isAdminPasswordValid uses an == comparison. Thus, if the correct password is "0e" followed by any digit string, then an attacker can…
Critical CVSS: 9.8

CVE-2025-54336

In Plesk Obsidian 18.0.70, _isAdminPasswordValid uses an == comparison. Thus, if the correct password is "0e" followed by any digit string, then an attacker can login with any other string that evaluates to 0.0 (such as the 0e0 string). This occurs in admin/plib/LoginManager.php.
Vendor
-
Product
-
CWE
CWE-697
Yayın Tarihi
2025-08-19 14:15:40
Güncelleme
2025-08-26 15:15:47
Source Identifier
cve@mitre.org
KEV Date Added
-

Kategoriler

CWE-697 CRITICAL 2025

Referanslar

https://blog.aziz.tn/2025/08/cve-2025-54336.html/ https://support.plesk.com/hc/en-us/articles/33785727869847-Vulnerability-CVE-2025-54336 https://www.plesk.com/blog/plesk-news-announcements/introducing-plesk-obsidian-18-0-70-anniversary-edition/