CVE-2025-66431 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

WebPros Plesk before 18.0.73.5 and 18.0.74 before 18.0.74.2 on Linux allows remote authenticated users to execute arbitrary code as root via domain creation. Th…
High CVSS: 7.8

CVE-2025-66431

WebPros Plesk before 18.0.73.5 and 18.0.74 before 18.0.74.2 on Linux allows remote authenticated users to execute arbitrary code as root via domain creation. The attacker needs "Create and manage sites" with "Domains management" and "Subdomains management."
Vendor
-
Product
-
CWE
CWE-61
Yayın Tarihi
2025-12-03 17:15:54
Güncelleme
2025-12-04 17:15:08
Source Identifier
cve@mitre.org
KEV Date Added
-

Kategoriler

CWE-61 HIGH 2025

Referanslar

https://docs.plesk.com/release-notes/obsidian/change-log/#plesk-18074 https://docs.plesk.com/release-notes/obsidian/whats-new/ https://support.plesk.com/hc/en-us/articles/36494997377687--CVE-2025-66431-Security-vulnerability-in-domain-creation-mechanism-allows-Plesk-users-to-execute-arbitrary-code-on-behalf-of-root