Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-49618


In Plesk Obsidian 18.0.69, unauthenticated requests to /login_up.php can reveal an AWS accessKeyId, secretAccessKey, region, and endpoint.


Published

2025-07-03T13:15:28.860

Last Modified

2025-07-03T15:13:53.147

Status

Awaiting Analysis

Source

[email protected]

Severity

CVSSv3.1: 5.8 (MEDIUM)

Weaknesses
  • Type: Primary
    CWE-402

Affected Vendors & Products

-


References