CVE-2025-66431_CVE-2025-66431

7.8 / 10

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Description

WebPros Plesk before 18.0.73.5 and 18.0.74 before 18.0.74.2 on Linux allows remote authenticated users to execute arbitrary code as root via domain creation. The attacker needs "Create and manage sites" with "Domains management" and "Subdomains management."

Basic Information

ID CVE-2025-66431

Source mitre

Published Dec 3, 2025 at 00:00

Modified Dec 3, 2025 at 16:54

Affected Product

Vendor Plesk

Product Plesk

Affected Versions Plesk Plesk 0
Plesk Plesk 18.0.74

CWE Classification

CWE-61

References

{
    "lastseen": "",
    "description": "WebPros Plesk before 18.0.73.5 and 18.0.74 before 18.0.74.2 on Linux allows remote authenticated users to execute arbitrary code as root via domain creation. The attacker needs \"Create and manage sites\" with \"Domains management\" and \"Subdomains management.\"",
    "published": "2025-12-03T00:00:00.000Z",
    "modified": "2025-12-03T16:54:31.578Z",
    "type": "cve",
    "title": "CVE-2025-66431",
    "source": "mitre",
    "references": "https://docs.plesk.com/release-notes/obsidian/whats-new/\nhttps://docs.plesk.com/release-notes/obsidian/change-log/#plesk-18074\nhttps://support.plesk.com/hc/en-us/articles/36494997377687--CVE-2025-66431-Security-vulnerability-in-domain-creation-mechanism-allows-Plesk-users-to-execute-arbitrary-code-on-behalf-of-root",
    "id": "CVE-2025-66431",
    "bulletinFamily": "",
    "cwe": [
        "CWE-61"
    ],
    "cvelist": null,
    "sourceData": "Plesk Plesk 0\nPlesk Plesk 18.0.74",
    "sourceHref": "",
    "cvss": {
        "score": 7.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Plesk",
    "version": "0",
    "vendor": "Plesk",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}