CVE-2025-3836

CWE-89SQL Injection3 documents3 sources
Severity
8.3HIGH
EPSS
3.2%
top 13.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Manageengine Adaudit PlusZohocorp Manageengine Adaudit Plus
Timeline
PublishedMay 22

Description

Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the logon events aggregate report.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:LExploitability: 2.8 | Impact: 5.5

Affected Packages2 packages

CVEListV5manageengine/adaudit_plus< 8511

🔴Vulnerability Details

2
CVEList
SQL Injection2025-05-22
GHSA
GHSA-4w7r-x646-644r: Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the logon events aggregate report2025-05-22
CVE-2025-3836 (HIGH CVSS 8.3) | Zohocorp ManageEngine ADAudit Plus | cvebase.io