Overview
A high-severity vulnerability, CVE-2025-66431, has been disclosed in WebPros Plesk. It allows a remote, authenticated Plesk user to execute arbitrary code as root on Linux hosts. Affected versions are Plesk before 18.0.73.5 and the 18.0.74 line before 18.0.74.2.
Technical Details
The flaw is in Plesk's domain creation mechanism. It is reachable by any authenticated Plesk account that holds the "Create and manage sites" permission together with "Domains management" and "Subdomains management"; administrator access is not required. By manipulating input to the domain creation process, such an account can cause code of its choosing to run with root privileges. Because the injected code runs as root rather than as the panel user, a limited hosting account is turned into complete control of the affected server.
CVSS Analysis
- CVE ID: CVE-2025-66431
- Severity: HIGH
- CVSS Score: 7.8
A score of 7.8 falls in the High band (7.0 to 8.9) of CVSS v3.x. Exploitation requires a valid Plesk login but no local access to the host, and a successful exploit yields root, i.e. complete loss of confidentiality, integrity and availability of the server.
Possible Impact
Successful exploitation of CVE-2025-66431 can have severe consequences, including:
- Full System Compromise: The attacker runs as root and controls every aspect of the server, including Plesk itself and all hosted sites.
- Data Breach: Site files, databases, mailboxes and Plesk's own configuration and stored credentials on the server can be read and exfiltrated.
- Malware Installation: Backdoors, web shells, cryptominers or other persistence can be installed; root access also lets the attacker tamper with logs to hide this.
- Denial of Service: Services can be stopped or the host rendered unusable.
- Privilege Escalation: The vulnerability is itself an escalation from a limited panel account to root; from there, any other account on the host, including the Plesk administrator, can be taken over.
Mitigation and Patch Steps
The recommended course of action is to update your Plesk installation to a patched version without delay. Follow these steps:
- Upgrade Plesk: If you run 18.0.73 or earlier, move to 18.0.73.5 or later; if you run 18.0.74, move to 18.0.74.2 or later. Use the Plesk autoinstaller on the server or Tools & Settings > Updates in the Plesk interface.
- Verify Upgrade: After the upgrade, confirm the installed version is at or above the fixed version for your line, for example by running "plesk version" on the server and reading the "Product version:" line.
- Review Permissions: Audit which Plesk accounts hold "Create and manage sites" together with "Domains management" and "Subdomains management", and remove the combination from any account that does not need it. Because the flaw needs only an authenticated account with these permissions, every customer or reseller on a shared server is a potential attacker until the update is applied; if patching must wait, temporarily revoking these permissions closes the attack path. It is also worth checking the Plesk Action Log for domain or subdomain creations by accounts that would not normally create them.
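The upgrade and verify steps above, as an added example that is not part of the original page and not Plesk's own tooling: a POSIX shell script that parses the "Product version:" line printed by "plesk version" and reports whether the installed build falls inside the affected range stated in this advisory. The sample output embedded in the script is constructed, not captured from a real host, and the range logic encodes only the bounds given above (anything before 18.0.73.5, or 18.0.74 up to but excluding 18.0.74.2); the script and function names are the author's choice.

```shell
#!/bin/sh
# Added example (not Plesk's own tooling): classify an installed Plesk build
# against the affected range stated for CVE-2025-66431.
#   affected: any version < 18.0.73.5, or 18.0.74 <= version < 18.0.74.2
#   fixed:    18.0.73.5 and later 18.0.73.x, 18.0.74.2 and later

# Compare two dotted version strings numerically (up to 4 components,
# missing components count as 0). Prints -1, 0 or 1.
vercmp() {
    a=$1
    b=$2
    i=1
    while [ "$i" -le 4 ]; do
        x=$(printf '%s\n' "$a" | cut -d. -f"$i")
        y=$(printf '%s\n' "$b" | cut -d. -f"$i")
        x=${x:-0}
        y=${y:-0}
        if [ "$x" -lt "$y" ]; then printf '%s\n' '-1'; return 0; fi
        if [ "$x" -gt "$y" ]; then printf '%s\n' '1'; return 0; fi
        i=$((i + 1))
    done
    printf '%s\n' '0'
}

# Returns 0 (true) when the given version is inside the affected range.
cve_2025_66431_affected() {
    v=$1
    # Everything before 18.0.73.5 (this also covers older 18.0.7x lines).
    if [ "$(vercmp "$v" 18.0.73.5)" -lt 0 ]; then return 0; fi
    # The 18.0.74 line before its 18.0.74.2 update.
    if [ "$(vercmp "$v" 18.0.74)" -ge 0 ] && [ "$(vercmp "$v" 18.0.74.2)" -lt 0 ]; then
        return 0
    fi
    return 1
}

# Extract e.g. "18.0.74.1" from the "Product version:" line of `plesk version`.
# Prints nothing if no such line is present.
parse_plesk_version() {
    printf '%s\n' "$1" |
        sed -n 's/^ *Product version:.*[^0-9.]\([0-9][0-9.]*\)[^0-9.]*$/\1/p' |
        head -n 1
}

# Human-readable verdict for raw `plesk version` output.
# Exit status: 0 = affected, 1 = not in the affected range, 2 = unparseable.
check_plesk_output() {
    ver=$(parse_plesk_version "$1")
    if [ -z "$ver" ]; then
        echo "could not find a 'Product version:' line"
        return 2
    fi
    if cve_2025_66431_affected "$ver"; then
        echo "Plesk $ver: AFFECTED by CVE-2025-66431, update to 18.0.73.5+ or 18.0.74.2+"
        return 0
    fi
    echo "Plesk $ver: not in the affected range"
    return 1
}

# Constructed sample of `plesk version` output (not captured from a real host).
SAMPLE_OUTPUT='Product version: Plesk Obsidian 18.0.74.1
     OS version: Ubuntu 22.04 x86_64
     Build date: 2025/01/01 00:00'

# On a Plesk host, run with --live to check the installed build (the exit
# status is the verdict); otherwise the constructed sample is checked.
if [ "${1:-}" = "--live" ]; then
    check_plesk_output "$(plesk version)"
    exit $?
else
    check_plesk_output "$SAMPLE_OUTPUT" || :
fi
```

The numeric comparison matters: a plain string compare would rank 18.0.73.5 below 18.0.73.10, and a prefix check would wrongly treat 18.0.74 as fixed because it is not "before 18.0.73.5". The script deliberately reports 18.0.72 and earlier as affected too, since the advisory's "before 18.0.73.5" covers them.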
