Critical Privilege Escalation Vulnerability in Plesk for Linux
A critical security vulnerability, tracked as CVE-2025-66430, has been identified in Plesk for Linux, specifically affecting the Password-Protected Directories feature. This flaw allows authenticated Plesk users to inject arbitrary data into Apache configuration files, leading to local privilege escalation and enabling attackers to execute commands with root-level privileges. The vulnerability poses a severe risk of complete server compromise, data theft, malware installation, and lateral movement within affected environments. Plesk versions 18.0.70 through 18.0.74, including Plesk Onyx installations, are impacted, and security updates have been released to address the issue. Administrators are strongly advised to apply the latest micro-updates (18.0.73.5 and 18.0.74.2) immediately to mitigate the risk.
The vulnerability is the result of improper access control and insufficient input validation within the Password-Protected Directories feature. Exploitation requires access to a Plesk user account, but once achieved, attackers can escalate privileges to root, representing a significant threat to organizations relying on Plesk for server management. The issue is classified as critical, with a CVSS score of 9.1, and is remotely exploitable. Official Plesk documentation provides detailed guidance for patching affected systems, and prompt remediation is essential to prevent exploitation in the wild.
Timeline
Dec 15, 2025
Plesk releases updates for CVE-2025-66430
Plesk released security updates and micro-updates to fix CVE-2025-66430, which affects Plesk for Linux versions 18.0.70 through 18.0.74 and Plesk Onyx installations. The flaw in the Password-Protected Directories feature can let a Plesk user inject Apache configuration data and execute commands with root privileges.
Dec 12, 2025
CVE-2025-66430 published for Plesk authentication bypass flaw
MITRE published CVE-2025-66430, a critical improper access control vulnerability affecting Plesk 18.0 that can allow authentication bypass and potentially root-level access. Public proof-of-concept exploit code was noted as available on GitHub, increasing exploitation risk.
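The summary above and the timeline entry both reduce to one triage question for administrators: is a given Plesk for Linux install inside the affected 18.0.70 through 18.0.74 range, and if so, does it already carry one of the fixed micro-updates (18.0.73.5 or 18.0.74.2)? The script below is an added example, not Plesk's own tooling, and it encodes only what this page states. It assumes that `plesk version` prints a line such as `Product version: Plesk Obsidian 18.0.74.2` and relies only on the dotted numeric tail, so a bare version string works as well. Releases outside the 18.0.70 to 18.0.74 line are reported as "not-in-range" rather than "safe", because the page also names Plesk Onyx as impacted without giving Onyx version numbers.

```python
"""Triage helper for CVE-2025-66430 (Plesk for Linux, Password-Protected
Directories). Added example, not Plesk's code; it uses only the version
facts stated in the advisory summary on this page."""
import re
from typing import Optional, Tuple

# Affected product line stated on the page: 18.0.70 through 18.0.74.
AFFECTED_FIRST = (18, 0, 70)
AFFECTED_LAST = (18, 0, 74)

# Micro-updates the page names as fixed, keyed by the release they patch.
FIXED_MICRO_UPDATES = {
    (18, 0, 73): (18, 0, 73, 5),
    (18, 0, 74): (18, 0, 74, 2),
}

# Assumption: `plesk version` prints "Product version: Plesk Obsidian 18.0.74.2";
# only the dotted numeric tail is used, so a bare "18.0.74.2" also parses.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text: str) -> Optional[Tuple[int, int, int, int]]:
    """Extract (major, minor, patch, micro) from a version string or from
    pasted `plesk version` output. A missing micro-update number means 0."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, patch, micro = m.groups()
    return (int(major), int(minor), int(patch), int(micro or 0))


def assess(text: str) -> str:
    """Classify an install as 'vulnerable', 'patched', 'not-in-range' or
    'unknown' with respect to CVE-2025-66430."""
    v = parse_version(text)
    if v is None:
        return "unknown"
    line = v[:3]
    if not (AFFECTED_FIRST <= line <= AFFECTED_LAST):
        # Outside 18.0.70-18.0.74. The page also lists Plesk Onyx as
        # impacted without version numbers, so this is not a "safe" verdict.
        return "not-in-range"
    fixed = FIXED_MICRO_UPDATES.get(line)
    if fixed is not None and v >= fixed:
        return "patched"
    # Either a release (18.0.70-18.0.72) with no listed micro-update, or a
    # micro-update below the fixed one: upgrade to 18.0.73.5 or 18.0.74.2.
    return "vulnerable"


if __name__ == "__main__":
    # Constructed sample inputs, including one pasted `plesk version` line.
    samples = [
        "Product version: Plesk Obsidian 18.0.74.2",
        "18.0.74.1",
        "18.0.73.5",
        "18.0.70",
        "18.0.75.0",
        "not a version",
    ]
    for s in samples:
        print(f"{s!r:45} -> {assess(s)}")
```

The two-tier comparison (release line first, then micro-update) matters because a naive string or float comparison would rank 18.0.73.5 below 18.0.74.0 and call the patched 18.0.73 line vulnerable; each release line has its own fixed micro-update and must be checked against that one.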
Related Stories
Critical cPanel & WHM Authentication Flaw Exposes Servers to Unauthorized Access
cPanel disclosed a **critical login authentication vulnerability** in **cPanel & WHM** that can allow **unauthorized access** to affected servers, and released fixes for supported versions on April 28, 2026. Public technical details remain limited and no CVE had been assigned at the time of disclosure, but changelog references tied the issue to **session loading and saving** under `CPANEL-52908`. The flaw affects multiple supported release tiers, and cPanel urged administrators to upgrade immediately. Patched builds were issued for versions **110, 118, 126, 132, 134, and 136**, while unsupported or end-of-life deployments are also considered likely at risk. The exposure is significant because **WHM** is used for server administration and **cPanel** manages individual hosting accounts, meaning successful exploitation could compromise both administrative and tenant access paths. Security teams were advised to rapidly inventory internet-facing cPanel assets, identify impacted versions, and prioritize emergency remediation across hosted environments.
Today
Multiple Flaws in Proxmox VE and Mail Gateway Enable XSS, DoS, and Privilege Escalation
Researchers disclosed three vulnerabilities affecting **Proxmox Virtual Environment (PVE)** and **Proxmox Mail Gateway (PMG)**, including a post-authentication reflected XSS in PVE’s API Inspector, a CRLF injection flaw in HTTP error handling, and a post-authentication SSRF plus arbitrary file-read issue shared across both products. The XSS bug, tracked as `CVE-2022-31358`, could let an authenticated attacker run JavaScript in a logged-in administrator’s browser and potentially abuse exposed web UI functions to execute actions on the host. The CRLF injection issue could be exploited in Chromium-based browsers to inject headers and trigger a client-side denial of service by forcing oversized cookie headers that lock users out of the web interface. The most serious finding was a bug chain in PVE and PMG that allowed low-privileged authenticated users to abuse SSRF and arbitrary file read; in PMG, attackers could also access backup archives containing the authentication private key, forge valid tickets, and escalate privileges to **`root@pam`**. MITRE assigned `CVE-2022-35507` and `CVE-2022-35508` to the latter flaws. Proxmox addressed the XSS in **`pve-http-server` 4.1-2** and patched the CRLF injection and SSRF-related issues in **`pve-http-server` 4.1-3**.
2 weeks ago
Multiple Critical Vulnerabilities Disclosed Across Popular Software Platforms
A series of critical vulnerabilities have been disclosed affecting a wide range of popular software platforms, including WordPress plugins, web frameworks, developer tools, and enterprise applications. Notable issues include unauthenticated remote code execution (RCE) flaws in Next.js (CVE-2025-66478), WordPress core (CVE-2025-6389), and the ACF Extended plugin (CVE-2025-13486), as well as privilege escalation and authentication bypass vulnerabilities in the WP Directory Kit plugin (CVE-2025-13390) and cPanel. Several of these vulnerabilities are reported to be under active exploitation, with proof-of-concept code available for some, increasing the urgency for immediate patching and mitigation. Other significant disclosures include a high-severity flaw in Vim for Windows (CVE-2025-66476) allowing arbitrary code execution, a critical SQL injection chain in Synology BeeStation, and a directory traversal vulnerability in cPanel that could lead to full server takeover. Additional advisories cover issues in lz4-java, Longwatch OT surveillance, Django, Elementor, Apache Struts, nopCommerce, and OpenVPN, with many rated as critical or high severity by CVSS. Organizations are strongly advised to review affected products and apply security updates promptly to mitigate the risk of exploitation.
1 month ago