Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-10020

Zohocorp ManageEngine ADManager Plus version before 8024 are vulnerable to authenticated command injection vulnerability in the Custom Script component.

Published

2025-10-21T13:15:35.487

Last Modified

2025-10-24T12:58:03.523

Status

Analyzed

Source

0fc0942c-577d-436f-ae8e-945763c79b02

Severity

CVSSv3.1: 8.5 (HIGH)

Weaknesses

Type: Secondary
CWE-77

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	zohocorp	manageengine_admanager_plus	< 8.0	Yes
Application	zohocorp	manageengine_admanager_plus	8.0	Yes
Application	zohocorp	manageengine_admanager_plus	8.0	Yes
Application	zohocorp	manageengine_admanager_plus	8.0	Yes
Application	zohocorp	manageengine_admanager_plus	8.0	Yes
Application	zohocorp	manageengine_admanager_plus	8.0	Yes
Application	zohocorp	manageengine_admanager_plus	8.0	Yes
Application	zohocorp	manageengine_admanager_plus	8.0	Yes
Application	zohocorp	manageengine_admanager_plus	8.0	Yes
Application	zohocorp	manageengine_admanager_plus	8.0	Yes

References

https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2025-10020.html Vendor Advisory (0fc0942c-577d-436f-ae8e-945763c79b02)