cbcvebase.
CVE-2025-10020
published 2025-10-21

CVE-2025-10020: Zohocorp ManageEngine ADManager Plus version before 8024 are vulnerable to authenticated command injection vulnerability in the Custom Script component.

PriorityP266high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
4.72%
90.7th percentile
Zohocorp ManageEngine ADManager Plus version before 8024 are vulnerable to authenticated command injection vulnerability in the Custom Script component.

Affected

3 ranges
VendorProductVersion rangeFixed in
zohocorpmanageengine_admanager_plus< 80248024
zohocorpmanageengine_admanager_plus< 8.08.0
zohocorpmanageengine_admanager_plus

Detection & IOCsextracted from sources · hover to see the quote

  • CVE-2025-10020 is an authenticated command injection vulnerability located in the Custom Script component of ManageEngine ADManager Plus. Monitor for suspicious process spawning or shell execution originating from the ADManager Plus service process, particularly in the Custom Script execution path.
  • ·Exploitation requires authentication; the attack surface is limited to authenticated users with access to the Custom Script component. Restrict access to this component to trusted administrators only.
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.