CVE-2025-49618
Awaiting Analysis Awaiting Analysis - Queue
BaseFortify

Publication date: 2025-07-03

Last updated on: 2025-07-03

Assigner: MITRE

Description
In Plesk Obsidian 18.0.69, unauthenticated requests to /login_up.php can reveal an AWS accessKeyId, secretAccessKey, region, and endpoint.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-07-03
Last Modified
2025-07-03
Generated
2026-05-07
AI Q&A
2025-07-03
EPSS Evaluated
2026-05-05
NVD
CVE-2025-49618
EUVD
EUVD-2025-19875
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-402 The product makes resources available to untrusted parties when those resources are only intended to be accessed by the product.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in Plesk Obsidian 18.0.69 allows unauthenticated users to access the /login_up.php endpoint and retrieve sensitive AWS credentials, including accessKeyId, secretAccessKey, region, and endpoint information.


How can this vulnerability impact me? :

The exposure of AWS credentials can lead to unauthorized access to AWS resources, potentially allowing attackers to misuse cloud services, access sensitive data, or incur unexpected costs.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart