presswizards
New Pleskian
- Server operating system version
- Ubuntu 24
- Plesk version and microupdate number
- Plesk Obsidian 18.0.73 Update #3 Web Host Edition
I am looking at Plesk changelogs etc. to see if the free or paid Imunify or related extensions now included or available in Plesk have been updated yet against:
Critical: Remote Code Execution via Malicious Obfuscated Malware in Imunify360 AV (AI-bolit)
(published November 12 2025)
I do not see any changelog entries or updates from Plesk anywhere showing this issue, how to verify if servers are already patched, etc... very concerning to me that this has not been communicated at all, especially since it is an unauthenticated privilege escalation to root access vulnerability. This should be alarming to all users and should be cause for widespread reassurance from Plesk themselves...
https://docs.plesk.com/release-notes/obsidian/change-log/
"Shared hosting escalation: On shared hosting, successful exploitation can lead to privilege escalation and root access depending on how the scanner is deployed and its privileges. If imunify360AV or its wrapper runs with elevated privileges an attacker could leverage RCE to move from a single compromised site to complete host control."
from Critical: Remote Code Execution via Malicious Obfuscated Malware in Imunify360 AV (AI-bolit)
21 Oct 2025
Imunify releases a patch (DEF-36789) and advises customers to update:
DEF-36789 Fix `deobfuscateDeltaOrd` and `deobfuscateEvalHexFunc` functions
4 Nov 2025
Public Zendesk forum post advising upgrade due to critical security issue:
https://cloudlinux.zendesk.com/hc/e...ity-vulnerability-before-v32-7-4-0-incident99
10 Nov 2025
Security backport in changelogs (DEF-37355):
DEF-37355 Security backport: Fix RCE vulnerability (DEF-36789) for CL6 ai-bolit 1:32.1.10-1
10 Nov 2025
Blog post
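One way to answer the "is this server already patched" question from the post, as an added example (not from the post, Plesk, or Imunify): classify an installed ai-bolit version string against the release named in the advisory URL. Assumptions: the scanner is installed as a dpkg package named `ai-bolit`, the fixed release is 32.7.4.0 (read from the "before-v32-7-4-0" URL slug), and `1:32.1.10-1` is the backported build listed under DEF-37355; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: version check for the ai-bolit fix discussed above.
FIXED_VERSION="32.7.4.0"        # assumption: from the advisory URL slug
BACKPORT_VERSION="32.1.10-1"    # assumption: CL6 build named in DEF-37355

# Drop a leading package epoch such as "1:".
strip_epoch() { printf '%s\n' "${1#*:}"; }

# True when version $1 >= version $2 (needs GNU sort -V).
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$2" ]
}

# Print patched | backport | update-required for a package version string.
classify_aibolit() (
    full="$(strip_epoch "$1")"
    upstream="${full%%-*}"      # strip the packaging revision ("-1")
    if version_ge "$upstream" "$FIXED_VERSION"; then
        echo "patched"
    elif [ "$full" = "$BACKPORT_VERSION" ]; then
        echo "backport"         # confirm against the vendor changelog
    else
        echo "update-required"
    fi
)

# Assumption: Debian/Ubuntu host with a package named "ai-bolit".
installed_aibolit_version() {
    dpkg-query -W -f='${Version}' ai-bolit 2>/dev/null
}

# Run with --installed to check the local package.
if [ "${1:-}" = "--installed" ]; then
    if v="$(installed_aibolit_version)" && [ -n "$v" ]; then
        echo "ai-bolit $v: $(classify_aibolit "$v")"
    else
        echo "ai-bolit package not found via dpkg-query"
    fi
fi
```

A `backport` or `update-required` result is a prompt to compare the host against the vendor changelog entries quoted in the post, not a final verdict.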