CVE-2025-10020

CWE-77 — Command Injection3 documents3 sources

Severity

8.8HIGH

EPSS

0.6%

top 31.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zohocorp Manageengine Admanager Plus

Timeline

PublishedOct 21

Description

Zohocorp ManageEngine ADManager Plus version before 8024 are vulnerable to authenticated command injection vulnerability in the Custom Script component.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 1.8 | Impact: 6.0

Affected Packages2 packages

▶CVEListV5zohocorp/manageengine_admanager_plus< 8024

▶NVDzohocorp/manageengine_admanager_plus< 8.0+1

🔴Vulnerability Details

CVEList

Command Injection↗2025-10-21

▶

GHSA

GHSA-66pm-g8mp-38vm: Zohocorp ManageEngine ADManager Plus version before 8024 are vulnerable to authenticated command injection vulnerability in the Custom Script componen↗2025-10-21

▶