CVE-2025-66431
HIGHDescription
WebPros Plesk before 18.0.73.5 and 18.0.74 before 18.0.74.2 on Linux allows remote authenticated users to execute arbitrary code as root via domain creation. The attacker needs "Create and manage sites" with "Domains management" and "Subdomains management."
Is your site exposed to CVE-2025-66431?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
References
Other References
Frequently Asked Questions
What is CVE-2025-66431? +
How severe is CVE-2025-66431? +
How do I check if I'm vulnerable to CVE-2025-66431? +
Related Vulnerabilities
tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.1.1, 2.1.3, and 1.16.5 are vulnerable to symlink validation bypass if …
A UNIX Symbolic Link (Symlink) Following vulnerability in logrotate config in the exim package allowed privilege escalation from mail user/group …
astral-tokio-tar is a tar archive reading/writing library for async Rust. In versions 0.5.3 and earlier of astral-tokio-tar, tar archives may …
A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of openSUSE Tumbleweed traefik2 allows the traefik user to escalate …
Airlink's Daemon interfaces with Docker and the Panel to provide secure access for controlling instances via the Panel. In version …
Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Insecure handling of …