Vulnerabilities

Critical Privilege Escalation Vulnerability in Plesk

A Local Privilege Escalation (LPE) vulnerability, tracked as CVE-2025-66430 and rated CVSS 9.1, has been detected in the widely used Plesk platform. It allows any Plesk user with limited privileges to inject malicious data into the Apache configuration and thereby execute arbitrary commands on the server with root privileges. This exposes all server commands and customer data to cross-contamination, particularly in shared hosting environments.