CVE-2025-49618 | Plesk Obsidian 18.0.69 /login_up.php accessKeyId/secretAccessKey/region/endpoint transmission of private resources into a new sphere (‘resource leak’)

Inserito da Angelo Barbosa | Lug 3, 2025 | CVE

A vulnerability classified as problematic has been found in Plesk Obsidian 18.0.69. This affects an unknown part of the file /login_up.php. The manipulation of the argument accessKeyId/secretAccessKey/region/endpoint leads to transmission of private resources into a new sphere (‘resource leak’).

This vulnerability is uniquely identified as CVE-2025-49618. It is possible to initiate the attack remotely. There is no exploit available.

CVE-2025-49618 | Plesk Obsidian 18.0.69 /login_up.php accessKeyId/secretAccessKey/region/endpoint transmission of private resources into a new sphere (‘resource leak’)

Post correlati

CVE-2024-43489 | Microsoft Edge up to 128.0.2739.42 type confusion

CVE-2023-52881 | Linux Kernel up to 6.6.6 TCP ACK unknown vulnerability

CVE-2024-27901 | SAP Asset Accounting File API path traversal

CVE-2024-39486 | Linux Kernel up to 6.6.36/6.9.7 drm_file drm_file_update_pid use after free (16682588ead4/0acce2a5c619/4f2a129b33a2)