CVE-2025-49618

Medium

In Plesk Obsidian 18.0.69, unauthenticated requests to /login_up.php can reveal an AWS accessKeyId, secretAccessKey, region, and endpoint.

mitre·CWE-402·Published 2025-07-03

CVSS

5.8

EPSS

0.00

KEV

Exploits

cve.orgen

138 chars

In Plesk Obsidian 18.0.69, unauthenticated requests to /login_up.php can reveal an AWS accessKeyId, secretAccessKey, region, and endpoint.

NVDen

138 chars

In Plesk Obsidian 18.0.69, unauthenticated requests to /login_up.php can reveal an AWS accessKeyId, secretAccessKey, region, and endpoint.

En Plesk Obsidian 18.0.69, las solicitudes no autenticadas a /login_up.php pueden revelar un AWS accessKeyId, un secretAccessKey, una región y un endpoint.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	5.8	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
3.1	Primary	cve.org	5.8	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
3.1	Secondary	NVD	5.8	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N