Analysis Summary

CVE-2025-41403 CVSS:8.3

Zoho ManageEngine ADAudit Plus is vulnerable to SQL injection. A remote authenticated attacker could send specially crafted SQL statements while fetching service account audit data, which could allow the attacker to view, add, modify or delete information in the back-end database.

CVE-2025-3836 CVSS:8.3

Zoho ManageEngine ADAudit Plus is vulnerable to SQL injection. A remote authenticated attacker could send specially crafted SQL statements to the logon events aggregate report, which could allow the attacker to view, add, modify or delete information in the back-end database.

CVE-2025-3444 CVSS:6.5

Zoho ManageEngine ServiceDesk Plus and SupportCenter Plus could allow a remote authenticated attacker to include arbitrary files, caused by improper validation of user requests. An attacker could send a specially crafted URL request to the Admin module to specify a malicious file from the local system, which could allow the attacker to obtain sensitive information from the vulnerable Web server.

CVE-2025-3834 CVSS:8.1

Zoho ManageEngine ADAudit Plus is vulnerable to SQL injection. A remote authenticated attacker could send specially crafted SQL statements to the OU History report, which could allow the attacker to view, add, modify or delete information in the back-end database.

Impact

• Gain Access
• Data Manipulation

Indicators of Compromise

CVE

• CVE-2025-41403

• CVE-2025-3836

• CVE-2025-3444

• CVE-2025-3834

Affected Vendors

Remediation

Refer to Zoho ManageEngine Security Advisory for patch, upgrade, or suggested workaround information.

CVE-2025-41403

CVE-2025-3836

CVE-2025-3444

CVE-2025-3834