PT-2026-1848 · Plesk · Plesk Obsidian

Published: 2026-01-08 · Updated: 2026-01-09 · CVE-2025-65518

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Plesk Obsidian versions 8.0.1 through 18.0.73

Description

Plesk Obsidian versions 8.0.1 through 18.0.73 are susceptible to a Denial of Service (DoS) condition. The issue resides in the get_password.php API endpoint, where a specially crafted request with a malicious payload can cause the web interface to reload continuously, making the service inaccessible to legitimate users. An attacker can exploit this remotely without authentication, leading to a persistent disruption of the Plesk Obsidian instance.

Recommendations

Plesk Obsidian versions 8.0.1 through 8.0.73: Apply a fix or update to a newer, unaffected version.

Plesk Obsidian versions 8.0.1 through 18.0.73: Apply a fix or update to a newer, unaffected version.

Exploit

Fix

DoS

Resource Exhaustion

Weakness Enumeration

Related Identifiers: CVE-2025-65518

Affected Products: Plesk Obsidian