CVE-2025-11248Log File Information Exposure in Manageengine Endpoint Central

CWE-532Log File Information Exposure3 documents3 sources
Severity
4.3MEDIUMNVD
CNA3.2
EPSS
0.2%
top 61.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Zohocorp Manageengine Endpoint Central
Timeline
PublishedOct 27

Description

ZohoCorp ManageEngine Endpoint Central versions prior to 11.4.2528.05 are vulnerable to a sensitive information logging issue. An authenticated user with access to the logs could potentially obtain the sensitive agent token.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

CVEListV5zohocorp/manageengine_endpoint_central< 11.4.2528.05

🔴Vulnerability Details

2
GHSA
GHSA-8r3p-hrm4-g839: ZohoCorp ManageEngine Endpoint Central versions prior to 112025-10-27
CVEList
Sensitive Information Logged2025-10-27
CVE-2025-11248 — Log File Information Exposure | cvebase