cvedb.io
CVE-2025-65518
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2026-01-08T19:15:57.043 · Last modified 2026-06-30T03:16:57.143

Summary

Plesk Obsidian versions 8.0.1 through 18.0.73 are vulnerable to a Denial of Service (DoS) condition. The vulnerability exists in the get_password.php endpoint, where a crafted request containing a malicious payload can cause the affected web interface to continuously reload, rendering the service unavailable to legitimate users. An attacker can exploit this issue remotely without authentication, resulting in a persistent availability impact on the affected Plesk Obsidian instance.

Affected products

webpros — plesk_obsidian

Does this affect you?

Add your gear to cvedb and we'll alert you only when webpros ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.