CVE-2025-3444

EPSS 1.23%
Veröffentlicht 22.05.2025 10:31:48
Zuletzt bearbeitet 17.06.2025 20:18:53
Quelle 0fc0942c-577d-436f-ae8e-945763
CVE-Watchlists
Login
Unerledigt
Login

Local File Inclusion

Zohocorp ManageEngine ServiceDesk Plus MSP and SupportCenter Plus versions below 14920 are vulnerable to authenticated Local File Inclusion (LFI) in the Admin module, where help card content is loaded.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

NVD 6 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Zohocorp ≫ Manageengine Servicedesk Plus Msp Version <= 14.8

Zohocorp ≫ Manageengine Servicedesk Plus Msp Version14.9 Update14900

Zohocorp ≫ Manageengine Servicedesk Plus Msp Version14.9 Update14910

Zohocorp ≫ Manageengine Supportcenter Plus Version <= 14.8

Zohocorp ≫ Manageengine Supportcenter Plus Version14.9 Update14900

Zohocorp ≫ Manageengine Supportcenter Plus Version14.9 Update14910

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.23%	0.649

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
0fc0942c-577d-436f-ae8e-945763c79b02	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

https://www.manageengine.com/products/service-desk-msp/cve-2025-3444.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-3444

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-3444

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-3444

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-3444