CVE-2025-65518

Published: 08 Jan 2026
Source: redhat
CVSS3: 7.5
EPSS: Low

Description

Plesk Obsidian versions 8.0.1 through 18.0.73 are vulnerable to a Denial of Service (DoS) condition. The vulnerability exists in the get_password.php endpoint, where a crafted request containing a malicious payload can cause the affected web interface to continuously reload, rendering the service unavailable to legitimate users. An attacker can exploit this issue remotely without authentication, resulting in a persistent availability impact on the affected Plesk Obsidian instance.

A flaw was found in Plesk Obsidian. A remote attacker, without needing to authenticate, can send a specially crafted request to the get_password.php endpoint. This malicious request causes the web interface to continuously reload, leading to a Denial of Service (DoS) condition. This renders the service unavailable to legitimate users, impacting the availability of the Plesk Obsidian instance.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat OpenShift Dev Spaces | devspaces/traefik-rhel9 | Not affected | | |


Additional information

Status: Important
Defect: CWE-606
https://bugzilla.redhat.com/show_bug.cgi?id=2428098 plesk: Plesk Obsidian: Denial of Service via crafted request to get_password.php

EPSS: 0.0004 (Low), percentile: 12%

CVSS3: 7.5 High

Related vulnerabilities

CVSS3: 7.5
nvd
3 months ago

Plesk Obsidian versions 8.0.1 through 18.0.73 are vulnerable to a Denial of Service (DoS) condition. The vulnerability exists in the get_password.php endpoint, where a crafted request containing a malicious payload can cause the affected web interface to continuously reload, rendering the service unavailable to legitimate users. An attacker can exploit this issue remotely without authentication, resulting in a persistent availability impact on the affected Plesk Obsidian instance.

CVSS3: 7.5
github
3 months ago

Plesk Obsidian versions 8.0.1 through 18.0.73 are vulnerable to a Denial of Service (DoS) condition. The vulnerability exists in the get_password.php endpoint, where a crafted request containing a malicious payload can cause the affected web interface to continuously reload, rendering the service unavailable to legitimate users. An attacker can exploit this issue remotely without authentication, resulting in a persistent availability impact on the affected Plesk Obsidian instance.