Threat Advisory

Critical Vulnerability in Plesk Obsidian Exposes Servers to Full Compromise

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: Critical

EXECUTIVE SUMMARY:

A critical authentication bypass vulnerability has been identified in Plesk Obsidian, tracked as CVE-2025-54336. This flaw allows remote, unauthenticated attackers to fully compromise vulnerable servers with no user interaction required.


  • CVE-2025-54336: The vulnerability stems from improper authentication validation in the Plesk Obsidian management interface. Attackers can exploit this weakness to bypass authentication controls, gaining direct administrative access to the server. Successful exploitation enables adversaries to execute arbitrary commands, install malicious payloads, steal sensitive data, or alter system configurations. With a CVSS v3.1 score of 9.8 (critical), this vulnerability can lead to complete server takeover and long-term persistence.

This flaw poses a severe risk to internet-exposed Plesk servers, particularly those hosting critical business applications, customer data, or multi-tenant web services.

RECOMMENDATION:

  • We strongly recommend that you update Plesk Obsidian to version 18.0.71 Update 2 or 18.0.70 Update 4.
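To help operators triage a fleet against the two patched builds named above, the following is an added example (not Plesk's own tooling and not part of the original advisory). It assumes a version string in the form printed by `plesk version` ("Product version: Plesk Obsidian 18.0.71.2", where the trailing number is the update level) or the human-readable "18.0.71 Update 2" form; both formats are assumptions, and the sample inventory is constructed. It also assumes that builds newer than 18.0.71 carry the fix and that branches older than 18.0.70 do not, which the advisory does not state explicitly.

```python
import re
from typing import Dict, Optional, Tuple

# Minimum update level per branch that contains the fix, as stated in the
# advisory's recommendation.
PATCHED_UPDATE_LEVEL = {
    (18, 0, 70): 4,   # 18.0.70 Update 4
    (18, 0, 71): 2,   # 18.0.71 Update 2
}
NEWEST_PATCHED_BRANCH = (18, 0, 71)

# Accepts "18.0.71.2" (plesk version output) or "18.0.71 Update 2" (release notes
# style). The format is an assumption about how Plesk reports its version.
VERSION_RE = re.compile(
    r"(\d+)\.(\d+)\.(\d+)(?:\.(\d+)|\s+Update\s+(\d+))?", re.IGNORECASE
)


def parse_version(text: str) -> Optional[Tuple[Tuple[int, int, int], int]]:
    """Return ((major, minor, patch), update_level) or None if no version is found.

    A bare "18.0.71" with no update suffix is treated as update level 0.
    """
    m = VERSION_RE.search(text)
    if not m:
        return None
    base = (int(m.group(1)), int(m.group(2)), int(m.group(3)))
    update = int(m.group(4) or m.group(5) or 0)
    return base, update


def is_patched(text: str) -> Optional[bool]:
    """True if the reported build is at or above a patched level, False if not,
    None if the string could not be parsed (treat None as 'needs manual review')."""
    parsed = parse_version(text)
    if parsed is None:
        return None
    base, update = parsed
    if base in PATCHED_UPDATE_LEVEL:
        return update >= PATCHED_UPDATE_LEVEL[base]
    # Assumption: any branch newer than 18.0.71 ships the fix; older branches
    # (18.0.69 and below) have no patched update level listed and are flagged.
    return base > NEWEST_PATCHED_BRANCH


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map each host to 'patched', 'vulnerable' or 'unknown' for a fleet report."""
    labels = {True: "patched", False: "vulnerable", None: "unknown"}
    return {host: labels[is_patched(version)] for host, version in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory: host name -> output of `plesk version`.
    sample = {
        "web-01": "Product version: Plesk Obsidian 18.0.71.2",
        "web-02": "Product version: Plesk Obsidian 18.0.71.1",
        "web-03": "Product version: Plesk Obsidian 18.0.70.4",
        "web-04": "Product version: Plesk Obsidian 18.0.69.9",
        "web-05": "plesk: command not found",
    }
    for host, status in sorted(triage(sample).items()):
        print(f"{host}: {status}")
```

Hosts reported as `unknown` (no parseable version) should be checked by hand rather than assumed safe; the script deliberately does not default them to `patched`.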

REFERENCES:

The following reports contain further technical details:
