CVE-2025-11670

Severity
4.3 MEDIUM
EPSS
0.0%
top 88.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Dec 15

Description

Zohocorp ManageEngine ADManager Plus versions before 8025 are vulnerable to NTLM Hash Exposure. This vulnerability is exploitable only by technicians who have the “Impersonate as Admin” option enabled.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Exploitability: 3.1 | Impact: 2.7

Affected Packages: 2 packages

🔴 Vulnerability Details (2)

CVEList
NTLM Hash Exposure Vulnerability (2025-12-15)
GHSA
GHSA-3w6x-xqhx-2c63: Zohocorp ManageEngine ADManager Plus versions before 8025 are vulnerable to NTLM Hash Exposure (2025-12-15)

🕵️ Threat Intelligence (1)
Wiz
CVE-2025-11670 Impact, Exploitability, and Mitigation Steps | Wiz