CVE-2024-24409
Published 2024-11-08
Priority: P2 · 64 · high · CVSS 3.1: 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS: 3.94% (89.1th percentile)
Zohocorp ManageEngine ADManager Plus versions 7203 and prior are vulnerable to Privilege Escalation in the Modify Computers option.
Affected (9 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| manageengine | admanager_plus | <= 7203 | — |
| zohocorp | manageengine_admanager_plus | — | — |
Detection & IOCs (extracted from sources)
Source: https://docs.unsafe-inline.com/0day/admanager-plus-build-less-than-7210-elevation-of-privilege-vulnerability-cve-2024-24409
- Monitor for unexpected modification of the `userAccountControl` attribute on computer objects via ADManager Plus, which may indicate abuse of the Modify Computers role to set unconstrained or constrained Kerberos delegation.
- Monitor for unexpected modification of the `msDS-AllowedToDelegateTo` attribute on computer objects via ADManager Plus, which may indicate privilege escalation to Domain Admin via constrained Kerberos delegation abuse.
- Alert on any non-administrator (technician) account setting constrained Kerberos delegation (`msDS-AllowedToDelegateTo`) on computer objects; doing so requires SeEnableDelegationPrivilege, which should be held only by members of BUILTIN\Administrators.
- Detect ADManager Plus technician accounts accessing CIFS, LDAP, or HOST services on domain controllers via Kerberos delegation tickets, which may indicate successful privilege escalation from Domain User to Domain Admin.
- Audit ADManager Plus 'Modify Computers' role assignments; the Additional Custom Attribute property is silently granted alongside this role, enabling modification of sensitive AD attributes beyond what the UI indicates.
- The vulnerability is exploitable only by technician users who have been granted the 'Modify Computers' predefined role in ADManager Plus; scope is limited to computer objects within the Organizational Unit delegated to that technician.
- Affected versions are ADManager Plus Build 7203 and prior (below 7210); organizations running Build 7210 or later are not affected by this specific privilege escalation path.
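The first three detection items above amount to one rule: a delegation-related attribute being added to a computer object by an account that is not expected to hold SeEnableDelegationPrivilege. The following is an added example of that rule, not code from the page's source or from ManageEngine. It runs over constructed records shaped like Windows Security Event ID 5136 (Directory Service Changes), which carries the subject, object class, attribute name, value and operation type of each AD write; the admin allow-list, the DC host names and the sample events are assumptions for the demonstration.

```python
"""Flag Kerberos-delegation changes on computer objects in Directory Service
Change audit records (Windows Security Event ID 5136).

Added example for the detection items above; not code from the page's source
or from ManageEngine. The events below are constructed samples shaped like
5136 fields; the admin allow-list and DC host names are assumptions.
"""
from __future__ import annotations

from dataclasses import dataclass

# userAccountControl bits that enable Kerberos delegation for an account.
TRUSTED_FOR_DELEGATION = 0x00080000           # unconstrained delegation
TRUSTED_TO_AUTH_FOR_DELEGATION = 0x01000000   # constrained delegation with protocol transition

# 5136 OperationType codes: %%14674 = Value Added, %%14675 = Value Deleted.
VALUE_ADDED = "%%14674"

# Services that, as delegation targets on a domain controller, grant the
# delegating host DC-level access (the page names CIFS, LDAP and HOST).
DC_SENSITIVE_SERVICES = {"cifs", "ldap", "host"}


@dataclass
class Finding:
    severity: str    # "critical", "high" or "medium"
    subject: str     # account that wrote the change to AD
    object_dn: str
    attribute: str
    reason: str


def spn_targets_dc(spn: str, dc_hosts: set[str]) -> bool:
    """True for an SPN such as 'cifs/dc01.corp.local' naming a sensitive service on a DC."""
    service, _, host = spn.partition("/")
    host = host.split(":")[0].lower()      # strip an optional port
    return service.lower() in DC_SENSITIVE_SERVICES and host in dc_hosts


def analyze_event(event: dict, admin_accounts: set[str], dc_hosts: set[str]) -> Finding | None:
    """Return a Finding when the event adds a delegation setting to a computer object."""
    if event.get("EventID") != 5136 or event.get("OperationType") != VALUE_ADDED:
        return None
    if event.get("ObjectClass", "").lower() != "computer":
        return None

    attr = event.get("AttributeLDAPDisplayName", "")
    value = str(event.get("AttributeValue", ""))
    subject = event.get("SubjectUserName", "")
    non_admin = subject.lower() not in admin_accounts   # allow-list is lower-cased

    if attr.lower() == "msds-allowedtodelegateto":
        if spn_targets_dc(value, dc_hosts):
            severity, reason = "critical", f"constrained delegation to DC service {value}"
        else:
            severity = "high" if non_admin else "medium"
            reason = f"constrained delegation target {value} set"
        return Finding(severity, subject, event["ObjectDN"], attr, reason)

    if attr.lower() == "useraccountcontrol":
        try:
            uac = int(value)
        except ValueError:
            return None
        if uac & TRUSTED_FOR_DELEGATION:
            reason = "unconstrained delegation (TRUSTED_FOR_DELEGATION) enabled"
            severity = "critical" if non_admin else "high"
        elif uac & TRUSTED_TO_AUTH_FOR_DELEGATION:
            reason = "protocol transition (TRUSTED_TO_AUTH_FOR_DELEGATION) enabled"
            severity = "high" if non_admin else "medium"
        else:
            return None              # UAC change unrelated to delegation
        return Finding(severity, subject, event["ObjectDN"], attr, reason)

    return None


def analyze_events(events, admin_accounts, dc_hosts) -> list[Finding]:
    admins = {a.lower() for a in admin_accounts}
    dcs = {h.lower() for h in dc_hosts}
    return [f for f in (analyze_event(e, admins, dcs) for e in events) if f]


# Constructed sample records (not real log data) in the shape of 5136 events.
SAMPLE_EVENTS = [
    {"EventID": 5136, "SubjectUserName": "svc-admgr", "ObjectClass": "computer",
     "ObjectDN": "CN=WS042,OU=Sales,DC=corp,DC=local", "OperationType": VALUE_ADDED,
     "AttributeLDAPDisplayName": "msDS-AllowedToDelegateTo", "AttributeValue": "cifs/DC01.corp.local"},
    {"EventID": 5136, "SubjectUserName": "svc-admgr", "ObjectClass": "computer",
     "ObjectDN": "CN=WS042,OU=Sales,DC=corp,DC=local", "OperationType": VALUE_ADDED,
     "AttributeLDAPDisplayName": "userAccountControl", "AttributeValue": "528384"},  # 0x80000 | 0x1000
    {"EventID": 5136, "SubjectUserName": "da.ops", "ObjectClass": "computer",
     "ObjectDN": "CN=WEB01,OU=Servers,DC=corp,DC=local", "OperationType": VALUE_ADDED,
     "AttributeLDAPDisplayName": "msDS-AllowedToDelegateTo", "AttributeValue": "http/webapp01.corp.local"},
    {"EventID": 5136, "SubjectUserName": "svc-admgr", "ObjectClass": "user",
     "ObjectDN": "CN=J Smith,OU=Sales,DC=corp,DC=local", "OperationType": VALUE_ADDED,
     "AttributeLDAPDisplayName": "description", "AttributeValue": "Sales"},
    {"EventID": 5136, "SubjectUserName": "svc-admgr", "ObjectClass": "computer",
     "ObjectDN": "CN=WS042,OU=Sales,DC=corp,DC=local", "OperationType": "%%14675",
     "AttributeLDAPDisplayName": "msDS-AllowedToDelegateTo", "AttributeValue": "cifs/DC01.corp.local"},
]
ADMIN_ACCOUNTS = {"da.ops"}        # assumption: accounts expected to set delegation
DC_HOSTS = {"dc01.corp.local"}     # assumption: the domain's DC host names

if __name__ == "__main__":
    for finding in analyze_events(SAMPLE_EVENTS, ADMIN_ACCOUNTS, DC_HOSTS):
        print(f"[{finding.severity}] {finding.subject} -> {finding.object_dn}: {finding.reason}")
```

One caveat that matters for this CVE: a change made through a management product appears in the AD-side audit under the account the product uses to bind to the domain, not under the technician's own name. The allow-list should therefore contain only accounts that are genuinely expected to set delegation, and a hit on the product's service account is the cue to pull the matching entry from ADManager Plus's own technician audit trail to learn who drove the change.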
No detection rules found.
## CVE-2025-11670: Zoho ManageEngine ADManager Plus vulnerability analysis and mitigation
Wiz (blogs_wiz) · CVSS 8.8 · [HIGH]
Zohocorp ManageEngine ADManager Plus versions before 8025 are vulnerable to NTLM Hash Exposure.
This vulnerability is exploitable only by technicians who have the "Impersonate as Admin" option enabled.
Source: NVD

| Field | Value |
|---|---|
| Score | 4.3 |
| Published | December 15, 2025 |
| Severity | MEDIUM |
| CNA Score | 6.4 |
| Affected Technologies | Zoho ManageEngine ADManager Plus |
| Has Public Exploit | No |
| Has CISA KEV Exploit | No |
| CISA KEV Release Date | N/A |
| CISA KEV Due Date | N/A |
| Exploitation Probability Percentile (EPSS) | 11.5 |
| Exploitation Probability (EPSS) | N/A |
| Affected packages and libraries | cpe:2.3:a:zohocorp:manageengine_admanager_plus |

Sources: Windows · Severity MEDIUM · Has Fix · Added at: Dec 16, 2025
Sources: Windows · Severity MEDIUM · N
## CVE-2025-9435: Zoho ManageEngine ADManager Plus vulnerability analysis and mitigation
Wiz (blogs_wiz) · CVSS 8.8 · [HIGH]
Zohocorp ManageEngine ADManager Plus versions below 7230 are vulnerable to Path Traversal in the User Management module.
Source: NVD

| Field | Value |
|---|---|
| Score | 5.5 |
| Published | January 13, 2026 |
| Severity | MEDIUM |
| CNA Score | 5.5 |
| Affected Technologies | Zoho ManageEngine ADManager Plus |
| Has Public Exploit | Yes |
| Has CISA KEV Exploit | No |
| CISA KEV Release Date | N/A |
| CISA KEV Due Date | N/A |
| Exploitation Probability Percentile (EPSS) | 4.8 |
| Exploitation Probability (EPSS) | N/A |
| Affected packages and libraries | cpe:2.3:a:zohocorp:manageengine_admanager_plus |

Sources: Windows · Severity MEDIUM · Has Fix · Added at: Jan 14, 2026
Sources: Windows · Severity MEDIUM · No Fix · Added at: Jan 30, 2026