Critical Plesk Vulnerability Allows Plesk Users to Gain Root-Level Access

A severe security vulnerability has been discovered in Plesk for Linux that could allow users to gain root access on affected servers.

The flaw, tracked as CVE-2025-66430, exists within Plesk’s Password-Protected Directories feature and allows attackers to inject arbitrary data into Apache configuration files.

The vulnerability stems from improper handling of user input within the Password-Protected Directories feature.

By exploiting this flaw, attackers can inject malicious data into the Apache configuration and subsequently execute commands with root privileges.

This represents a critical local privilege escalation vulnerability that poses a significant risk to organizations relying on Plesk for server management.

CVE ID           Vulnerability Type           Affected Component
CVE-2025-66430   Local Privilege Escalation   Password-Protected Directories

Any Plesk user with access to the Password-Protected Directories feature can exploit this vulnerability to gain unauthorized root-level access.


This allows attackers to execute arbitrary commands with the highest system privileges, potentially leading to complete server compromise, data theft, malware installation, or lateral movement within the network.

Organizations running affected Plesk versions face substantial risk if this vulnerability remains unpatched.

The ability to escalate privileges from a standard user account to root access represents one of the most critical security threats in server management environments.

Plesk has released security updates addressing this vulnerability. Affected versions include Plesk 18.0.70 through 18.0.74. Plesk Onyx installations are also impacted.

Micro-updates 18.0.73.5 and 18.0.74.2 have been released and contain the fix; administrators should install them immediately. To remediate this vulnerability, organizations should update their Plesk installations without delay.

The official Plesk support documentation provides comprehensive guidance on installing updates across different version releases.

System administrators should prioritize updating all affected Plesk installations to patched versions immediately.

Organizations should review access controls for the Password-Protected Directories feature and verify that only authorized users have access.

Additionally, monitoring logs for suspicious configuration changes or command execution attempts is recommended.
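The example below is added for this article and is not Plesk's code. It illustrates the bug class the advisory describes (untrusted input written into a generated Apache configuration, where a newline ends one directive and starts another), the hardened form that rejects such input, and the kind of check the monitoring advice above calls for: a scan of a generated protected-directory block for directives that should not be there. The template, the choice of the AuthName realm title as the interpolated field, and the sample paths are assumptions made for the example; the advisory does not say which Plesk input was mishandled or which configuration file it reaches.

```python
import re
from typing import List

# Hypothetical template for an Apache password-protected directory block.
# This is an illustration of the bug class, not Plesk's template; which
# field Plesk actually mishandled is not stated in the advisory.
PROTECTED_DIR_TEMPLATE = (
    '<Directory "{path}">\n'
    '    AuthType Basic\n'
    '    AuthName "{title}"\n'
    '    AuthUserFile "{userfile}"\n'
    '    Require valid-user\n'
    '</Directory>\n'
)

# The only directives a generated protected-directory block should contain.
EXPECTED_DIRECTIVES = {"AuthType", "AuthName", "AuthUserFile", "Require"}

# Conservative allowlist for the human-readable realm title: quotes,
# backslashes, newlines and other control characters cannot get through.
SAFE_TITLE_RE = re.compile(r"^[A-Za-z0-9 _.,:()-]{1,64}$")


def render_vulnerable(path: str, title: str, userfile: str) -> str:
    """Weak pattern: the title is interpolated with no validation, so a
    newline inside it terminates the AuthName line and whatever follows is
    parsed by Apache as a new directive."""
    return PROTECTED_DIR_TEMPLATE.format(path=path, title=title, userfile=userfile)


def render_hardened(path: str, title: str, userfile: str) -> str:
    """Hardened pattern: refuse any input that cannot be safely quoted."""
    if not SAFE_TITLE_RE.match(title):
        raise ValueError("realm title contains characters outside the allowlist")
    if re.search(r'[\r\n\x00"\\]', path + userfile):
        raise ValueError("paths must not contain quotes, backslashes or control characters")
    return PROTECTED_DIR_TEMPLATE.format(path=path, title=title, userfile=userfile)


def unexpected_directives(block: str) -> List[str]:
    """Return the name of every directive inside a <Directory> block that is
    not one of the expected auth directives. The block's own opening and
    closing container lines are the first and last lines; any other container
    tag in between (for example a second </Directory>) is reported too. Run
    this over freshly generated blocks, or over configuration files a monitor
    sees change, to spot injected content."""
    lines = block.strip().splitlines()
    found: List[str] = []
    for line in lines[1:-1]:
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank lines and comments carry no directive
        name = stripped.split(None, 1)[0]
        if stripped.startswith("<") or name not in EXPECTED_DIRECTIVES:
            found.append(name)
    return found


# Constructed sample values for a stand-alone run (not real paths from Plesk).
SAMPLE_PATH = "/var/www/vhosts/example.com/httpdocs/private"
SAMPLE_USERFILE = "/var/www/vhosts/example.com/pd/private.htpasswd"

if __name__ == "__main__":
    bad_title = "Private area\nServerSignature On"  # newline breaks out of AuthName
    print(unexpected_directives(render_vulnerable(SAMPLE_PATH, bad_title, SAMPLE_USERFILE)))
    try:
        render_hardened(SAMPLE_PATH, bad_title, SAMPLE_USERFILE)
    except ValueError as exc:
        print("rejected:", exc)
    print(unexpected_directives(render_hardened(SAMPLE_PATH, "Private area", SAMPLE_USERFILE)))
```

The allowlist is deliberately narrower than what Apache's quoting rules would tolerate: for a value that only ever appears in a browser's login prompt, rejecting anything unusual costs nothing and removes the whole class of escaping mistakes. The scanner is a cheap complement to the patch, not a substitute for it.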
