Warning: Privilege Escalation in Plesk, Patch Immediately!

Image
Decorative image
Published : 17/12/2025
  • Last update: 17/12/2025
  • Affected software: Plesk for Linux
  • Type: Privilege Escalation
  • CVE/CVSS
    → CVE-2025-66430: CVSS 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)

Sources

Plesk - https://support.plesk.com/hc/en-us/articles/36261922405015--CVE-2025-66430-Security-vulnerability-in-Password-Protected-Directories-allows-Plesk-users-to-gain-root-level-access-to-a-Plesk-server

Risks

A newly discovered vulnerability in Plesk for Linux allows attackers to execute unauthorized commands, potentially gaining root-level access to servers and compromising all hosted data. 

Plesk is a web hosting control panel used by organizations to manage servers, websites, domains, databases, and email services across Linux environments.

If exploited this could lead to data breaches, system compromise, and operational downtime, impacting confidentiality, integrity, and availability of critical businesses.

Description

A critical security vulnerability, CVE-2025-66430, has been identified in Plesk Obsidian 18.0 on Linux.

This flaw exists due to incorrect access control in the Password-Protected Directories feature, which allows an authenticated Plesk user to abuse that feature to gain local privilege escalation to root.

In affected versions, a logged-in Plesk user who can manage password-protected directories can supply specially crafted input that Plesk writes into the web server configuration so when the web server configuration is rebuilt and reloaded, that injected configuration is processed with elevated privileges, enabling the attacker to execute commands as root and effectively take over the server.

Recommended Actions

Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.

Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity and ensure a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via https://ccb.belgium.be/en/cert/report-incident.

While patching appliances or software to the newest version may protect against future exploitation, it does not remediate historic compromise.