CVE-2025-10020
published 2025-10-21CVE-2025-10020: Zohocorp ManageEngine ADManager Plus version before 8024 are vulnerable to authenticated command injection vulnerability in the Custom Script component.
PriorityP266high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
4.72%
90.7th percentile
Zohocorp ManageEngine ADManager Plus version before 8024 are vulnerable to authenticated command injection vulnerability in the Custom Script component.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| zohocorp | manageengine_admanager_plus | < 8024 | 8024 |
| zohocorp | manageengine_admanager_plus | < 8.0 | 8.0 |
| zohocorp | manageengine_admanager_plus | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →CVE-2025-10020 is an authenticated command injection vulnerability located in the Custom Script component of ManageEngine ADManager Plus. Monitor for suspicious process spawning or shell execution originating from the ADManager Plus service process, particularly in the Custom Script execution path. ↗
- ·Exploitation requires authentication; the attack surface is limited to authenticated users with access to the Custom Script component. Restrict access to this component to trusted administrators only. ↗
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Wiz
CVE-2025-11670 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2025-11670 [HIGH] CVE-2025-11670 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-11670 :
Zoho ManageEngine ADManager Plus vulnerability analysis and mitigation
Zohocorp ManageEngine ADManager Plus versions before 8025 are vulnerable to NTLM Hash Exposure.
This vulnerability is exploitable only by technicians who have the “Impersonate as Admin” option enabled.
Source : NVD
## 4.3
Score
Published December 15, 2025
Severity MEDIUM
CNA Score 6.4
Affected Technologies
Zoho ManageEngine ADManager Plus
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 11.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:zohocorp:manageengine_admanager_plus
Sources
Windows Severity MEDIUM Has Fix Added at: Dec 16, 2025
Windows Severity MEDIUM N
Wiz
CVE-2025-9435 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2025-9435 [HIGH] CVE-2025-9435 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-9435 :
Zoho ManageEngine ADManager Plus vulnerability analysis and mitigation
Zohocorp ManageEngine ADManager Plus versions below 7230 are vulnerable to Path Traversal in the User Management module
Source : NVD
## 5.5
Score
Published January 13, 2026
Severity MEDIUM
CNA Score 5.5
Affected Technologies
Zoho ManageEngine ADManager Plus
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 4.8
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:zohocorp:manageengine_admanager_plus
Sources
Windows Severity MEDIUM Has Fix Added at: Jan 14, 2026
Windows Severity MEDIUM No Fix Added at: Jan 30, 2026
## Get a CVE risk assessment
Get a prioritized view
2025-10-21
Published