Severity
High
Analysis Summary
CVE-2025-10020 CVSS:9.9
Zohocorp ManageEngine ADManager Plus version before 8024 are vulnerable to authenticated command injection vulnerability in the Custom Script component.
CVE-2025-6239 CVSS:6.5
Zohocorp ManageEngine Applications Manager versions 176800 and below are vulnerable to information disclosure in File/Directory monitor.
CVE-2025-9428 CVSS:8.3
Zohocorp ManageEngine Analytics Plus versions 6171 and prior are vulnerable to authenticated SQL Injection via the key update api.
CVE-2025-7473 CVSS:5.2
Zohocorp ManageEngine EndPoint Central versions 11.4.2516.1 and prior are vulnerable to XML Injection.
Impact
- Gain Access
- Information Disclosure
- Data Manipulation
Indicators of Compromise
CVE
CVE-2025-10020
CVE-2025-6239
CVE-2025-9428
CVE-2025-7473
Affected Vendors
Affected Products
- Zohocorp ManageEngine ADManager Plus 8024
- Zohocorp ManageEngine Applications Manager 176800
- Zohocorp ManageEngine Analytics Plus 6171
- Zohocorp ManageEngine EndPoint Central 11.4.2516.1
Remediation
Refer to Zohocorp ManageEngine Security Advisory for patch, upgrade, or suggested workaround information.