CVE-2025-3834

CWE-89SQL Injection3 documents3 sources
Severity
8.1HIGH
EPSS
3.1%
top 13.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Manageengine Adaudit PlusZohocorp Manageengine Adaudit Plus
Timeline
PublishedMay 14

Description

Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the OU History report.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.2

Affected Packages2 packages

CVEListV5manageengine/adaudit_plus< 8511

🔴Vulnerability Details

2
CVEList
SQL Injection2025-05-14
GHSA
GHSA-8qhh-qg7r-qg2v: Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the OU History report2025-05-14
CVE-2025-3834 (HIGH CVSS 8.1) | Zohocorp ManageEngine ADAudit Plus | cvebase.io