PT-2025-48951 · Webpros · Plesk

Published

2025-12-03

Updated

2025-12-03

CVE-2025-66431

CVSS v3.1

7.8

High

Vector

AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions WebPros Plesk versions prior to 18.0.73.5 WebPros Plesk versions 18.0.74 through 18.0.74.2

Description A remote, authenticated user can execute arbitrary code as root through domain creation. An attacker requires “Create and manage sites” with “Domains management” and “Subdomains management” permissions to exploit this.

Recommendations Update WebPros Plesk to version 18.0.73.5 or later. Update WebPros Plesk to version 18.0.74.2 or later.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-61

Related Identifiers

CVE-2025-66431

Affected Products

Plesk

PT-2025-48951 · Webpros · Plesk

CVE-2025-66431

Weakness Enumeration

Related Identifiers

Affected Products

References · 7