CVE-2025-5496

CWE-269Improper Privilege Management3 documents3 sources
Severity
3.3LOW
EPSS
0.0%
top 99.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Zohocorp Endpoint CentralZohocorp Manageengine Endpoint Central
Timeline
PublishedOct 21

Description

ZohoCorp ManageEngine Endpoint Central versions earlier than 11.4.2508.14, 11.4.2516.06, and 11.4.2518.01 are affected by an arbitrary file deletion vulnerability in the agent setup component.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages2 packages

NVDzohocorp/manageengine_endpoint_central11.4.2510.0111.4.2516.06+1
CVEListV5zohocorp/endpoint_central< 11.4.2508.14+2

🔴Vulnerability Details

2
CVEList
Arbitrary File Deletion2025-10-21
GHSA
GHSA-c58g-qw82-6m5x: ZohoCorp ManageEngine Endpoint Central versions earlier than 112025-10-21
CVE-2025-5496 (LOW CVSS 3.3) | ZohoCorp ManageEngine Endpoint Cent | cvebase.io