8.8
CVE-2025-10020
- EPSS 0.91%
- Veröffentlicht 21.10.2025 12:12:02
- Zuletzt bearbeitet 24.10.2025 12:58:03
- Quelle 0fc0942c-577d-436f-ae8e-945763
- CVE-Watchlists
- Unerledigt
Zohocorp ManageEngine ADManager Plus version before 8024 are vulnerable to authenticated command injection vulnerability in the Custom Script component.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch National Vulnerability Database (NVD)
Zohocorp ≫ Manageengine Admanager Plus Version < 8.0
Zohocorp ≫ Manageengine Admanager Plus Version8.0 Update8001
Zohocorp ≫ Manageengine Admanager Plus Version8.0 Update8002
Zohocorp ≫ Manageengine Admanager Plus Version8.0 Update8010
Zohocorp ≫ Manageengine Admanager Plus Version8.0 Update8011
Zohocorp ≫ Manageengine Admanager Plus Version8.0 Update8012
Zohocorp ≫ Manageengine Admanager Plus Version8.0 Update8020
Zohocorp ≫ Manageengine Admanager Plus Version8.0 Update8021
Zohocorp ≫ Manageengine Admanager Plus Version8.0 Update8022
Zohocorp ≫ Manageengine Admanager Plus Version8.0 Update8023
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.91% | 0.751 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| 0fc0942c-577d-436f-ae8e-945763c79b02 | 8.5 | 1.8 | 6 |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
|
CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.