A vulnerability classified as problematic has been found in Plesk Obsidian 18.0.69. This affects an unknown part of the file /login_up.php. The manipulation of the argument accessKeyId/secretAccessKey/region/endpoint leads to transmission of private resources into a new sphere (‘resource leak’).

This vulnerability is uniquely identified as CVE-2025-49618. It is possible to initiate the attack remotely. There is no exploit available.