CVE-2025-5494Improper Privilege Management in Manageengine Endpoint Central

CWE-269Improper Privilege Management3 documents3 sources
Severity
7.8HIGHNVD
CNA3.9
EPSS
0.0%
top 96.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Zohocorp Manageengine Endpoint CentralZohocorp Endpoint Central
Timeline
PublishedSep 25

Description

ZohoCorp ManageEngine Endpoint Central was impacted by an improper privilege management issue in the agent setup. This issue affects Endpoint Central: through 11.4.2500.25, through 11.4.2508.13.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDzohocorp/manageengine_endpoint_central11.4.2508.0111.4.2508.14+1
CVEListV5zohocorp/endpoint_central11.4.2500.25+1

🔴Vulnerability Details

2
GHSA
GHSA-hwj5-gqwh-gh6c: ZohoCorp ManageEngine Endpoint Central was impacted by an improper privilege management issue in the agent setup2025-09-25
CVEList
Privilege Escalation2025-09-25
CVE-2025-5494 — Improper Privilege Management | cvebase