CNNVD-202512-362 Information

CNNVD ID

CNNVD-202512-362

Related CVE

CVE-2025-66431

• CNNVD Published: 2025-12-03

Description (Chinese)

WebPros Plesk是WebPros公司的一个Web托管平台。 WebPros Plesk 18.0.73.5之前版本和18.0.74至18.0.74.2之前版本存在安全漏洞，该漏洞源于域创建功能存在缺陷，可能导致远程代码执行。

Description (English)

WebPros Plesk is a WebPros Web hosting platform. The pre-WebPros Plesk 18.73.5 and pre-I18.0.74 to 18.0.74.2 have a security loophole, which stems from deficiencies in the domain creation function that may lead to remote code implementation.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

WebPros

Published

2025-12-03

Last Modified

2026-02-24

References

https://docs.plesk.com/release-notes/obsidian/change-log/#plesk-18074 https://docs.plesk.com/release-notes/obsidian/whats-new/ https://support.plesk.com/hc/en-us/articles/36494997377687–CVE-2025-66431-Security-vulnerability-in-domain-creation-mechanism-allows-Plesk-users-to-execute-arbitrary-code-on-behalf-of-root

Patch

https://support.plesk.com/hc/en-us/articles/36494997377687--CVE-2025-66431-Security-vulnerability-in-domain-creation-mechanism-allows-Plesk-users-to-execute-arbitrary-code-on-behalf-of-root