Medium severity5.8NVD Advisory· Published Jul 3, 2025· Updated Apr 15, 2026

CVE-2025-49618

Description

In Plesk Obsidian 18.0.69, unauthenticated requests to /login_up.php can reveal an AWS accessKeyId, secretAccessKey, region, and endpoint.

No patches discovered yet.

AI mechanics synthesis has not run for this CVE yet.

No linked articles in our index yet.