CVE-2024-48878
Published 2024-11-04
CVE-2024-48878: Zohocorp ManageEngine ADManager Plus versions 7241 and prior are vulnerable to SQL Injection in Archived Audit Report.
Priority: P3 · 54 · high · 8.8 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.50% (71.1th percentile)
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| manageengine | admanager_plus | <= 7241 | — |
| zohocorp | manageengine_admanager_plus | < 7.2 | 7.2 |
| zohocorp | manageengine_admanager_plus | — | — |
No detection rules found.
No public exploits indexed.
Wiz
CVE-2025-11670 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2025-11670 [HIGH] CVE-2025-11670 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-11670: Zoho ManageEngine ADManager Plus vulnerability analysis and mitigation
Zohocorp ManageEngine ADManager Plus versions before 8025 are vulnerable to NTLM Hash Exposure.
This vulnerability is exploitable only by technicians who have the “Impersonate as Admin” option enabled.
Source: NVD
Score 4.3
Published December 15, 2025
Severity MEDIUM
CNA Score 6.4
Affected Technologies
Zoho ManageEngine ADManager Plus
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 11.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:zohocorp:manageengine_admanager_plus
Sources
Windows Severity MEDIUM Has Fix Added at: Dec 16, 2025
Windows Severity MEDIUM N
Wiz
CVE-2025-9435 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2025-9435 [HIGH] CVE-2025-9435 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-9435: Zoho ManageEngine ADManager Plus vulnerability analysis and mitigation
Zohocorp ManageEngine ADManager Plus versions below 7230 are vulnerable to Path Traversal in the User Management module.
Source: NVD
Score 5.5
Published January 13, 2026
Severity MEDIUM
CNA Score 5.5
Affected Technologies
Zoho ManageEngine ADManager Plus
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 4.8
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:zohocorp:manageengine_admanager_plus
Sources
Windows Severity MEDIUM Has Fix Added at: Jan 14, 2026
Windows Severity MEDIUM No Fix Added at: Jan 30, 2026