CVE-2025-66430

EUVD-2025-203102
Plesk 18.0 has Incorrect Access Control.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.1 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CISA-ADPADP
9.1 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 14%
Affected Products (NVD)
VendorProductVersion
pleskplesk
18.0.70 ≤
𝑥
< 18.0.73.5
pleskplesk
18.0.74 ≤
𝑥
< 18.0.74.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://docs.plesk.com/release-notes/obsidian/whats-new/
https://support.plesk.com/hc/en-us/articles/36261922405015--CVE-2025-66430-Security-vulnerability-in-Password-Protected-Directories-allows-Plesk-users-to-gain-root-level-access-to-a-Plesk-server