CVE-2025-65518
EUVD-2026-143608.01.2026, 19:15
Plesk Obsidian versions 8.0.1 through 18.0.73 are vulnerable to a Denial of Service (DoS) condition. The vulnerability exists in the get_password.php endpoint, where a crafted request containing a malicious payload can cause the affected web interface to continuously reload, rendering the service unavailable to legitimate users. An attacker can exploit this issue remotely without authentication, resulting in a persistent availability impact on the affected Plesk Obsidian instance.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| webpros | plesk_obsidian | 8.0.1 ≤ 𝑥 < 18.0.73 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-400 - Uncontrolled Resource ConsumptionThe software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
- CWE-606 - Unchecked Input for Loop ConditionThe product does not properly check inputs that are used for loop conditions, potentially leading to a denial of service or other consequences because of excessive looping.
References