CVE-2025-65518: n/a
Plesk Obsidian versions 8.0.1 through 18.0.73 are vulnerable to a Denial of Service (DoS) condition. The vulnerability exists in the get_password.php endpoint, where a crafted request containing a malicious payload can cause the affected web interface to continuously reload, rendering the service unavailable to legitimate users. An attacker can exploit this issue remotely without authentication, resulting in a persistent availability impact on the affected Plesk Obsidian instance.
AI Analysis
Technical Summary
CVE-2025-65518 is a denial of service vulnerability identified in Plesk Obsidian versions 8.0.1 through 18.0.73. The vulnerability resides in the get_password.php endpoint of the Plesk web interface. An attacker can send a crafted HTTP request containing a malicious payload to this endpoint, which causes the web interface to enter a continuous reload loop. This behavior results in the service becoming unavailable to legitimate users, effectively causing a denial of service condition. The attack can be executed remotely without requiring any authentication or user interaction, increasing the risk of exploitation. The vulnerability affects the availability of the Plesk service but does not indicate any direct compromise of confidentiality or integrity. Although no known exploits have been reported in the wild yet, the flaw presents a significant risk due to its ease of exploitation and potential to disrupt hosting services. Plesk is widely used by hosting providers and enterprises for server and website management, making this vulnerability relevant for organizations relying on these versions. The lack of a CVSS score means severity must be assessed based on impact and exploitability factors. The vulnerability’s root cause appears to be insufficient input validation or improper handling of requests in the get_password.php endpoint, leading to a persistent reload state. This continuous reload likely consumes server resources and denies legitimate access to the management interface. The vulnerability was published on January 8, 2026, with no patches or mitigations currently linked, emphasizing the need for immediate attention from affected users.
Potential Impact
For European organizations, the primary impact of CVE-2025-65518 is service unavailability of Plesk-managed web hosting or server management interfaces. This can disrupt business operations, especially for companies relying on Plesk for critical web services, email, or application hosting. The denial of service could lead to downtime, loss of customer trust, and potential financial losses. Organizations providing hosting services may face customer complaints and SLA breaches. Since the vulnerability can be exploited remotely without authentication, attackers can easily target exposed Plesk instances, increasing the risk of widespread disruption. The impact on confidentiality and integrity is minimal as the vulnerability does not allow data leakage or unauthorized modifications. However, the availability impact alone can be severe for sectors dependent on continuous web service operations, such as e-commerce, finance, and public services. Additionally, prolonged downtime could indirectly affect compliance with regulations like GDPR if personal data processing is interrupted. The absence of known exploits in the wild currently reduces immediate risk but does not eliminate the threat, especially as exploit code could be developed rapidly given the vulnerability’s simplicity.
Mitigation Recommendations
1. Immediately restrict external access to the get_password.php endpoint by implementing firewall rules or web application firewall (WAF) policies to limit requests to trusted IP addresses or internal networks.
2. Monitor web server logs and network traffic for unusual or repeated requests to get_password.php that could indicate exploitation attempts.
3. Apply vendor patches or updates as soon as they become available; maintain close communication with Plesk support for official remediation guidance.
4. If patching is not immediately possible, consider disabling or restricting the vulnerable endpoint temporarily to prevent exploitation.
5. Employ rate limiting on the Plesk web interface to reduce the impact of repeated malicious requests.
6. Conduct regular vulnerability scans and penetration tests focusing on Plesk installations to detect this and other vulnerabilities.
7. Educate system administrators about this vulnerability and ensure they have incident response plans to quickly address potential DoS incidents.
8. Consider deploying redundant or failover Plesk instances to minimize service disruption in case of an attack.
9. Keep all server software and dependencies up to date to reduce the attack surface.
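The log monitoring recommended above, as an added example (not code from Plesk or from this advisory): it flags clients that send bursts of requests to get_password.php within a sliding time window. The Combined Log Format, the 60-second window, the threshold of 5 and the sample lines are assumptions; the advisory does not describe the payload, so only request rate per client is checked.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed input: Combined Log Format lines in chronological order.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
ENDPOINT = "get_password.php"   # endpoint named in the advisory
WINDOW = timedelta(seconds=60)  # assumed tuning value
THRESHOLD = 5                   # assumed tuning value

# Constructed sample lines (documentation-range addresses, not real traffic).
SAMPLE_LOG = [
    f'203.0.113.7 - - [08/Jan/2026:19:00:{s:02d} +0000] "GET /get_password.php HTTP/1.1" 200 512'
    for s in range(0, 12, 2)
] + [
    '198.51.100.20 - - [08/Jan/2026:19:00:05 +0000] "GET /get_password.php HTTP/1.1" 200 512',
    '198.51.100.20 - - [08/Jan/2026:19:03:00 +0000] "GET /other.php HTTP/1.1" 200 2048',
]


def find_bursts(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {ip: peak hit count} for clients that reach `threshold`
    requests to ENDPOINT inside any sliding `window`."""
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    peaks = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        path = m["path"].split("?", 1)[0]  # ignore the query string
        if not path.lower().endswith("/" + ENDPOINT):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        hits = recent[m["ip"]]
        hits.append(ts)
        while ts - hits[0] > window:  # drop hits older than the window
            hits.popleft()
        if len(hits) >= threshold:
            peaks[m["ip"]] = max(peaks.get(m["ip"], 0), len(hits))
    return peaks


if __name__ == "__main__":
    for ip, count in find_bursts(SAMPLE_LOG).items():
        print(f"{ip}: {count} requests to {ENDPOINT} within {WINDOW}")
```

The same per-client counts can inform the rate limit suggested in recommendation 5: set it below the burst size seen from flagged clients and above what legitimate password-reset use produces.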
Affected Countries
Germany, United Kingdom, France, Netherlands, Italy, Spain
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-11-18T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 695ffd5601d35e5d0c85d72a
Added to database: 1/8/2026, 6:54:14 PM
Last enriched: 1/8/2026, 7:10:07 PM
Last updated: 1/10/2026, 10:15:22 PM