CVE-2025-49618 | Plesk Obsidian 18.0.69 /login_up.php accessKeyId/secretAccessKey/region/endpoint transmission of private resources into a new sphere (‘resource leak’)

Inserito da Angelo Barbosa | Lug 3, 2025 | CVE

A vulnerability classified as problematic has been found in Plesk Obsidian 18.0.69. This affects an unknown part of the file /login_up.php. The manipulation of the argument accessKeyId/secretAccessKey/region/endpoint leads to transmission of private resources into a new sphere (‘resource leak’).

This vulnerability is uniquely identified as CVE-2025-49618. It is possible to initiate the attack remotely. There is no exploit available.

CVE-2025-49618 | Plesk Obsidian 18.0.69 /login_up.php accessKeyId/secretAccessKey/region/endpoint transmission of private resources into a new sphere (‘resource leak’)

Post correlati

CVE-2020-36836 | emrevona WP Fastest Cache Plugin up to 0.9.0.2 on WordPress Path Validation cross-site request forgery (ID 2235160)

CVE-2024-20508 | Cisco UTD SNORT IPS Engine Software up to 17.15.1a HTTP heap-based overflow (cisco-sa-utd-snort3-dos-bypas-b4OUEwxD)

CVE-2025-25191 | Intermesh groupoffice up to 6.8.99 Name cross site scripting (GHSA-j7p3-v652-p3gf)

CVE-2024-20116 | MediaTek MT8798 Cmdq out-of-bounds (MSV-1696 / ALPS09057438)