CVE-2025-54336: n/a
In Plesk Obsidian 18.0.70, _isAdminPasswordValid uses an == comparison. Thus, if the correct password is "0e" followed by any digit string, then an attacker can log in with any other string that evaluates to 0.0 (such as the 0e0 string). This occurs in admin/plib/LoginManager.php.
AI Analysis
Technical Summary
CVE-2025-54336 is a critical authentication bypass vulnerability in Plesk Obsidian version 18.0.70, located in admin/plib/LoginManager.php. The flaw is the use of PHP's loose equality operator (==) in the _isAdminPasswordValid function, which compares the supplied password against the stored admin password. When both operands are numeric strings, PHP compares them as numbers rather than character by character. A password such as "0e12345" is a numeric string in scientific notation (0 × 10^12345) and therefore evaluates to 0.0; any other string that also evaluates to 0.0, such as "0e0", is considered equal to it under ==, so an attacker can bypass authentication by submitting such a string. This is a classic instance of CWE-697 (Incorrect Comparison), where the wrong comparison operator leads to a security flaw, commonly referred to as PHP type juggling. The CVSS v3.1 base score is 9.8 (critical), reflecting ease of exploitation (no privileges or user interaction required), a network attack vector, and the potential for complete compromise of confidentiality, integrity, and availability of the affected system. Although no exploits are known in the wild yet, the flaw is readily exploitable by remote attackers seeking unauthorized administrative access to Plesk servers. Plesk is a widely used web hosting control panel, so this vulnerability directly affects the security of hosted websites and server management interfaces.
Potential Impact
For European organizations, this vulnerability poses a severe risk, especially for those relying on Plesk Obsidian 18.0.70 for web hosting and server management. Successful exploitation grants attackers administrative access without valid credentials, enabling them to manipulate hosted websites, deploy malicious content, steal sensitive data, or disrupt services. This can lead to data breaches involving personal data protected under GDPR, resulting in regulatory penalties and reputational damage. Additionally, compromised servers can be leveraged for further attacks such as lateral movement within corporate networks, launching phishing campaigns, or distributing malware. The critical nature of the vulnerability means that attackers can operate stealthily without user interaction, increasing the likelihood of undetected breaches. European organizations in sectors like finance, healthcare, e-commerce, and government, which often use Plesk for hosting, are particularly at risk due to the sensitive nature of their data and services.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should immediately upgrade Plesk Obsidian to a patched version once released by the vendor. In the interim, administrators should implement strict password policies avoiding passwords that start with "0e" followed by digits to prevent triggering the flawed comparison. Additionally, reviewing and modifying the authentication code to use strict comparison operators (===) instead of loose equality (==) is essential to prevent type juggling vulnerabilities. Organizations should also enable multi-factor authentication (MFA) for Plesk admin accounts to add an additional security layer. Monitoring login attempts and setting up alerts for suspicious activities can help detect exploitation attempts early. Network-level protections such as restricting access to the Plesk admin interface via IP whitelisting or VPNs can reduce exposure. Regular security audits and penetration testing focusing on authentication mechanisms will help identify similar weaknesses. Finally, educating administrators about this vulnerability and secure coding practices can prevent recurrence.
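The following PHP snippet is an added illustration and is not Plesk's code: it reproduces the loose-comparison pattern described above in a hypothetical function, shows the strict and hash-based check that the mitigation recommends instead, and includes a small audit helper for the interim policy of flagging stored passwords that PHP treats as numeric strings. All function names and the sample password are constructed for this example.

```php
<?php
// Added example (not Plesk's code). Demonstrates why == on two numeric
// strings such as "0e12345" and "0e0" compares equal, and what the
// hardened check looks like. Function names are hypothetical.

declare(strict_types=1);

// Vulnerable pattern, modelled on the described flaw: loose equality.
// If both strings are numeric, PHP compares them as numbers, so
// "0e12345" == "0e0" evaluates 0.0 == 0.0 and succeeds.
function isAdminPasswordValidLoose(string $stored, string $supplied): bool
{
    return $supplied == $stored;
}

// Hardened pattern: do not keep plaintext secrets and do not compare them
// with == or ===. Store a password hash and verify with password_verify(),
// which performs a strict, timing-safe comparison.
function isAdminPasswordValidStrict(string $storedHash, string $supplied): bool
{
    return password_verify($supplied, $storedHash);
}

// Audit helper for the interim policy: returns true for any value PHP
// would treat as a numeric string (including "0e" followed by digits),
// which is exactly the class of passwords that should be rotated while a
// loose comparison is still in place.
function isNumericStringPassword(string $password): bool
{
    return is_numeric($password);
}

// Constructed sample data: an admin password of the risky shape, and its hash.
$correct = '0e12345';
$hash    = password_hash($correct, PASSWORD_DEFAULT);

// Loose check: the unrelated string "0e0" is accepted.
var_dump(isAdminPasswordValidLoose($correct, '0e0'));

// Strict string comparison of the same two values.
var_dump('0e12345' === '0e0');

// Hash-based check: only the real password is accepted.
var_dump(isAdminPasswordValidStrict($hash, '0e0'));
var_dump(isAdminPasswordValidStrict($hash, $correct));

// Audit: the sample password is flagged; a non-numeric one is not.
var_dump(isNumericStringPassword($correct));
var_dump(isNumericStringPassword('0e12x'));
```

Running the script shows the loose check accepting "0e0" while the strict and hash-based checks reject it and accept only the real password; the audit helper flags "0e12345" but not "0e12x", which stops being numeric at the first non-digit. Replacing == with === closes the numeric-string case, but the password_verify() form is preferable because it also removes plaintext storage and timing differences from the comparison.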
Affected Countries
Germany, United Kingdom, France, Netherlands, Italy, Spain, Poland, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-07-20T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 68a48084ad5a09ad00f8238c
Added to database: 8/19/2025, 1:47:48 PM
Last enriched: 9/3/2025, 12:49:58 AM
Last updated: 10/1/2025, 8:48:41 PM
Views: 91
Related Threats
- CVE-2025-9952: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in sergiotrinity Trinity Audio – Text to Speech AI audio player to convert content into audio (Medium)
- CVE-2025-9886: CWE-352 Cross-Site Request Forgery (CSRF) in sergiotrinity Trinity Audio – Text to Speech AI audio player to convert content into audio (Medium)
- CVE-2025-10383: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in contest-gallery Contest Gallery – Upload, Vote & Sell with PayPal and Stripe (Medium)
- CVE-2025-61895 (Low)
- CVE-2025-61894 (Low)