Advanced Threat Data Export

Filter and download the raw CVE repository (CSV/JSON) for SIEM integration and internal reporting.

Vulnerability Keyword

Date Range

Severity

Format

Upgrade Package

Data export is locked. Upgrade your package to enable filtering and downloading.

← Back to CVE List

CVE-2025-54336NVD

Description

In Plesk Obsidian 18.0.70, _isAdminPasswordValid uses an == comparison. Thus, if the correct password is "0e" followed by any digit string, then an attacker can login with any other string that evaluates to 0.0 (such as the 0e0 string). This occurs in admin/plib/LoginManager.php.

Severity Level

CRITICAL (9.8)

Published Date

19/08/2025

Last Modified

26/08/2025

Exploitation Status

UNKNOWN

References

https://blog.aziz.tn/2025/08/cve-2025-54336.html/
https://support.plesk.com/hc/en-us/articles/33785727869847-Vulnerability-CVE-2025-54336
https://www.plesk.com/blog/plesk-news-announcements/introducing-plesk-obsidian-18-0-70-anniversary-edition/

Critical Alert 1 Active Exploit Detected Today

CVE Watchtower

Advanced Threat Data Export

CVE-2025-54336NVD

Description

References