VYPR
Unrated severityNVD Advisory· Published Jan 8, 2026· Updated Jan 8, 2026

CVE-2025-65518

CVE-2025-65518

Description

Plesk Obsidian versions 8.0.1 through 18.0.73 are vulnerable to a Denial of Service (DoS) condition. The vulnerability exists in the get_password.php endpoint, where a crafted request containing a malicious payload can cause the affected web interface to continuously reload, rendering the service unavailable to legitimate users. An attacker can exploit this issue remotely without authentication, resulting in a persistent availability impact on the affected Plesk Obsidian instance.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Plesk/Obsidiancpe-rescue2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: >=8.0.1, <=18.0.73

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.