{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-12T12:19:47.797","vulnerabilities":[{"cve":{"id":"CVE-2025-49618","sourceIdentifier":"cve@mitre.org","published":"2025-07-03T13:15:28.860","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"In Plesk Obsidian 18.0.69, unauthenticated requests to /login_up.php can reveal an AWS accessKeyId, secretAccessKey, region, and endpoint."},{"lang":"es","value":"En Plesk Obsidian 18.0.69, las solicitudes no autenticadas a /login_up.php pueden revelar un AWS accessKeyId, un secretAccessKey, una región y un endpoint."}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N","baseScore":5.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-402"}]}],"references":[{"url":"https://www.linkedin.com/posts/gaetano-cesano-976420200_qualche-giorno-fa-stavo-testando-plesk-obsidian-activity-7341794923198709761-by9G","source":"cve@mitre.org"},{"url":"https://www.plesk.com/blog/plesk-news-announcements/plesk-obsidian-18-0-69-is-here/","source":"cve@mitre.org"}]}}]}