Is Plesk affected by PTT-2025-021 vulnerability in AWStats?

Situation

0-days OS command injection vulnerability identified as PTT-2025-021 has been discovered in AWStats (all versions, including the latest one) which has not been fixed yet by the AWStats vendor.

Impact

Plesk is not vulnerable as customizing the AWStats configuration is not allowed in Plesk.

Call to action

No additional action is required as Plesk is not affected by this vulnerability.

On Plesk servers with operating systems AlmaLinux 10 and Windows Server, AWStats is shipped by Plesk, and thus, a security patch for AWStats was released in Plesk Obsidian 18.0.74.