CVE-2025-3444

EPSS 0.08%
Published 22.05.2025 10:31:48
Last modified 17.06.2025 20:18:53
Source 0fc0942c-577d-436f-ae8e-945763
Teams watchlist Login
Open Login

Zohocorp ManageEngine ServiceDesk Plus MSP and SupportCenter Plus versions below 14920 are vulnerable to authenticated Local File Inclusion (LFI) in the Admin module, where help card content is loaded.

Affected products Warnungen 0 Metrics 2 CWE 1 References 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Zohocorp ≫ Manageengine Servicedesk Plus Msp Version <= 14.8

Zohocorp ≫ Manageengine Servicedesk Plus Msp Version14.9 Update14900

Zohocorp ≫ Manageengine Servicedesk Plus Msp Version14.9 Update14910

Zohocorp ≫ Manageengine Supportcenter Plus Version <= 14.8

Zohocorp ≫ Manageengine Supportcenter Plus Version14.9 Update14900

Zohocorp ≫ Manageengine Supportcenter Plus Version14.9 Update14910

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.08%	0.245

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
0fc0942c-577d-436f-ae8e-945763c79b02	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

https://www.manageengine.com/products/service-desk-msp/cve-2025-3444.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-3444

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-3444

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-3444

EUVD