Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for Endpoint Central by Zohocorp

    CVE-2025-7473 (GCVE-0-2025-7473)

    Vulnerability from nvd – Published: 2025-10-21 10:58 – Updated: 2025-10-21 13:24
    VLAI
    Title
    XML Injection
    Summary
    Zohocorp ManageEngine EndPoint Central versions 11.4.2516.1 and prior are vulnerable to XML Injection.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-91 - XML Injection (aka Blind XPath Injection)
    Assigner
    Impacted products
    Vendor Product Version
    Zohocorp Endpoint Central Affected: 0 , ≤ 11.4.2516.1 (11.4.2516.1)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-7473",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-21T13:24:23.990497Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T13:24:38.046Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Endpoint Central",
              "vendor": "Zohocorp",
              "versions": [
                {
                  "lessThanOrEqual": "11.4.2516.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "11.4.2516.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Zohocorp ManageEngine EndPoint Central versions\u0026nbsp;11.4.2516.1 and prior are vulnerable to XML Injection."
                }
              ],
              "value": "Zohocorp ManageEngine EndPoint Central versions\u00a011.4.2516.1 and prior are vulnerable to XML Injection."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 5.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-91",
                  "description": "CWE-91 XML Injection (aka Blind XPath Injection)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-21T10:58:47.949Z",
            "orgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
            "shortName": "Zohocorp"
          },
          "references": [
            {
              "url": "https://www.manageengine.com/products/desktop-central/parsing-xml-data.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "XML Injection",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
        "assignerShortName": "Zohocorp",
        "cveId": "CVE-2025-7473",
        "datePublished": "2025-10-21T10:58:47.949Z",
        "dateReserved": "2025-07-11T12:34:38.612Z",
        "dateUpdated": "2025-10-21T13:24:38.046Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-5496 (GCVE-0-2025-5496)

    Vulnerability from nvd – Published: 2025-10-21 10:04 – Updated: 2025-10-21 13:31
    VLAI
    Title
    Arbitrary File Deletion
    Summary
    ZohoCorp ManageEngine Endpoint Central versions earlier than 11.4.2508.14, 11.4.2516.06, and 11.4.2518.01 are affected by an arbitrary file deletion vulnerability in the agent setup component.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    Impacted products
    Vendor Product Version
    Zohocorp Endpoint Central Affected: 0 , < 11.4.2508.14 (11.4.2518.01)
    Affected: 0 , < 11.4.2516.06 (11.4.2508.14)
    Affected: 0 , < 11.4.2518.01 (11.4.2508.14)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-5496",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-21T13:31:09.600760Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T13:31:28.145Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Endpoint Central",
              "vendor": "Zohocorp",
              "versions": [
                {
                  "lessThan": "11.4.2508.14",
                  "status": "affected",
                  "version": "0",
                  "versionType": "11.4.2518.01"
                },
                {
                  "lessThan": "11.4.2516.06",
                  "status": "affected",
                  "version": "0",
                  "versionType": "11.4.2508.14"
                },
                {
                  "lessThan": "11.4.2518.01",
                  "status": "affected",
                  "version": "0",
                  "versionType": "11.4.2508.14"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "ZohoCorp ManageEngine Endpoint Central versions earlier than 11.4.2508.14, 11.4.2516.06, and 11.4.2518.01 are affected by an arbitrary file deletion vulnerability in the agent setup component.\u003cbr\u003e"
                }
              ],
              "value": "ZohoCorp ManageEngine Endpoint Central versions earlier than 11.4.2508.14, 11.4.2516.06, and 11.4.2518.01 are affected by an arbitrary file deletion vulnerability in the agent setup component."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269 Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-21T10:04:08.316Z",
            "orgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
            "shortName": "Zohocorp"
          },
          "references": [
            {
              "url": "https://www.manageengine.com/products/desktop-central/kb/arbitrary-file-deletion-allows-local-privilege-escalation.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Arbitrary File Deletion",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
        "assignerShortName": "Zohocorp",
        "cveId": "CVE-2025-5496",
        "datePublished": "2025-10-21T10:04:08.316Z",
        "dateReserved": "2025-06-03T05:05:29.333Z",
        "dateUpdated": "2025-10-21T13:31:28.145Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-5494 (GCVE-0-2025-5494)

    Vulnerability from nvd – Published: 2025-09-25 13:11 – Updated: 2025-09-25 15:15
    VLAI
    Title
    Privilege Escalation
    Summary
    ZohoCorp ManageEngine Endpoint Central was impacted by an improper privilege management issue in the agent setup. This issue affects Endpoint Central: through 11.4.2500.25, through 11.4.2508.13.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    Impacted products
    Vendor Product Version
    Zohocorp Endpoint Central Affected: 0 , ≤ 11.4.2500.25 (11.4.2500.25)
    Affected: 0 , ≤ 11.4.2508.13 (11.4.2508.13)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-5494",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-25T15:15:12.267361Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-25T15:15:34.354Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Endpoint Central",
              "vendor": "Zohocorp",
              "versions": [
                {
                  "lessThanOrEqual": "11.4.2500.25",
                  "status": "affected",
                  "version": "0",
                  "versionType": "11.4.2500.25"
                },
                {
                  "lessThanOrEqual": "11.4.2508.13",
                  "status": "affected",
                  "version": "0",
                  "versionType": "11.4.2508.13"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eZohoCorp ManageEngine Endpoint Central was impacted by an improper privilege management issue in the agent setup.\u003c/p\u003e\u003cp\u003eThis issue affects Endpoint Central: through 11.4.2500.25, through 11.4.2508.13.\u003c/p\u003e"
                }
              ],
              "value": "ZohoCorp ManageEngine Endpoint Central was impacted by an improper privilege management issue in the agent setup.\n\nThis issue affects Endpoint Central: through 11.4.2500.25, through 11.4.2508.13."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 3.9,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269 Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-25T13:11:49.423Z",
            "orgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
            "shortName": "Zohocorp"
          },
          "references": [
            {
              "url": "https://www.manageengine.com/products/desktop-central/privilege-escalation-endpointcentral-agent.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Privilege Escalation",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
        "assignerShortName": "Zohocorp",
        "cveId": "CVE-2025-5494",
        "datePublished": "2025-09-25T13:11:49.423Z",
        "dateReserved": "2025-06-03T04:57:16.858Z",
        "dateUpdated": "2025-09-25T15:15:34.354Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-7473 (GCVE-0-2025-7473)

    Vulnerability from cvelistv5 – Published: 2025-10-21 10:58 – Updated: 2025-10-21 13:24
    VLAI
    Title
    XML Injection
    Summary
    Zohocorp ManageEngine EndPoint Central versions 11.4.2516.1 and prior are vulnerable to XML Injection.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-91 - XML Injection (aka Blind XPath Injection)
    Assigner
    Impacted products
    Vendor Product Version
    Zohocorp Endpoint Central Affected: 0 , ≤ 11.4.2516.1 (11.4.2516.1)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-7473",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-21T13:24:23.990497Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T13:24:38.046Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Endpoint Central",
              "vendor": "Zohocorp",
              "versions": [
                {
                  "lessThanOrEqual": "11.4.2516.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "11.4.2516.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Zohocorp ManageEngine EndPoint Central versions\u0026nbsp;11.4.2516.1 and prior are vulnerable to XML Injection."
                }
              ],
              "value": "Zohocorp ManageEngine EndPoint Central versions\u00a011.4.2516.1 and prior are vulnerable to XML Injection."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 5.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-91",
                  "description": "CWE-91 XML Injection (aka Blind XPath Injection)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-21T10:58:47.949Z",
            "orgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
            "shortName": "Zohocorp"
          },
          "references": [
            {
              "url": "https://www.manageengine.com/products/desktop-central/parsing-xml-data.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "XML Injection",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
        "assignerShortName": "Zohocorp",
        "cveId": "CVE-2025-7473",
        "datePublished": "2025-10-21T10:58:47.949Z",
        "dateReserved": "2025-07-11T12:34:38.612Z",
        "dateUpdated": "2025-10-21T13:24:38.046Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-5496 (GCVE-0-2025-5496)

    Vulnerability from cvelistv5 – Published: 2025-10-21 10:04 – Updated: 2025-10-21 13:31
    VLAI
    Title
    Arbitrary File Deletion
    Summary
    ZohoCorp ManageEngine Endpoint Central versions earlier than 11.4.2508.14, 11.4.2516.06, and 11.4.2518.01 are affected by an arbitrary file deletion vulnerability in the agent setup component.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    Impacted products
    Vendor Product Version
    Zohocorp Endpoint Central Affected: 0 , < 11.4.2508.14 (11.4.2518.01)
    Affected: 0 , < 11.4.2516.06 (11.4.2508.14)
    Affected: 0 , < 11.4.2518.01 (11.4.2508.14)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-5496",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-21T13:31:09.600760Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T13:31:28.145Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Endpoint Central",
              "vendor": "Zohocorp",
              "versions": [
                {
                  "lessThan": "11.4.2508.14",
                  "status": "affected",
                  "version": "0",
                  "versionType": "11.4.2518.01"
                },
                {
                  "lessThan": "11.4.2516.06",
                  "status": "affected",
                  "version": "0",
                  "versionType": "11.4.2508.14"
                },
                {
                  "lessThan": "11.4.2518.01",
                  "status": "affected",
                  "version": "0",
                  "versionType": "11.4.2508.14"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "ZohoCorp ManageEngine Endpoint Central versions earlier than 11.4.2508.14, 11.4.2516.06, and 11.4.2518.01 are affected by an arbitrary file deletion vulnerability in the agent setup component.\u003cbr\u003e"
                }
              ],
              "value": "ZohoCorp ManageEngine Endpoint Central versions earlier than 11.4.2508.14, 11.4.2516.06, and 11.4.2518.01 are affected by an arbitrary file deletion vulnerability in the agent setup component."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269 Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-21T10:04:08.316Z",
            "orgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
            "shortName": "Zohocorp"
          },
          "references": [
            {
              "url": "https://www.manageengine.com/products/desktop-central/kb/arbitrary-file-deletion-allows-local-privilege-escalation.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Arbitrary File Deletion",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
        "assignerShortName": "Zohocorp",
        "cveId": "CVE-2025-5496",
        "datePublished": "2025-10-21T10:04:08.316Z",
        "dateReserved": "2025-06-03T05:05:29.333Z",
        "dateUpdated": "2025-10-21T13:31:28.145Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-5494 (GCVE-0-2025-5494)

    Vulnerability from cvelistv5 – Published: 2025-09-25 13:11 – Updated: 2025-09-25 15:15
    VLAI
    Title
    Privilege Escalation
    Summary
    ZohoCorp ManageEngine Endpoint Central was impacted by an improper privilege management issue in the agent setup. This issue affects Endpoint Central: through 11.4.2500.25, through 11.4.2508.13.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    Impacted products
    Vendor Product Version
    Zohocorp Endpoint Central Affected: 0 , ≤ 11.4.2500.25 (11.4.2500.25)
    Affected: 0 , ≤ 11.4.2508.13 (11.4.2508.13)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-5494",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-25T15:15:12.267361Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-25T15:15:34.354Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Endpoint Central",
              "vendor": "Zohocorp",
              "versions": [
                {
                  "lessThanOrEqual": "11.4.2500.25",
                  "status": "affected",
                  "version": "0",
                  "versionType": "11.4.2500.25"
                },
                {
                  "lessThanOrEqual": "11.4.2508.13",
                  "status": "affected",
                  "version": "0",
                  "versionType": "11.4.2508.13"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eZohoCorp ManageEngine Endpoint Central was impacted by an improper privilege management issue in the agent setup.\u003c/p\u003e\u003cp\u003eThis issue affects Endpoint Central: through 11.4.2500.25, through 11.4.2508.13.\u003c/p\u003e"
                }
              ],
              "value": "ZohoCorp ManageEngine Endpoint Central was impacted by an improper privilege management issue in the agent setup.\n\nThis issue affects Endpoint Central: through 11.4.2500.25, through 11.4.2508.13."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 3.9,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269 Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-25T13:11:49.423Z",
            "orgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
            "shortName": "Zohocorp"
          },
          "references": [
            {
              "url": "https://www.manageengine.com/products/desktop-central/privilege-escalation-endpointcentral-agent.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Privilege Escalation",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
        "assignerShortName": "Zohocorp",
        "cveId": "CVE-2025-5494",
        "datePublished": "2025-09-25T13:11:49.423Z",
        "dateReserved": "2025-06-03T04:57:16.858Z",
        "dateUpdated": "2025-09-25T15:15:34.354Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }