CVE-2025-8309

CWE-269 — Improper Privilege Management3 documents3 sources

Severity

8.1HIGH

EPSS

0.0%

top 87.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Manageengine Asset Explorer Manageengine Servicedesk Plus Manageengine Servicedesk Plus MSP +1 more

Timeline

PublishedAug 20

Description

There is an improper privilege management vulnerability identified in ManageEngine's Asset Explorer, ServiceDesk Plus, ServiceDesk Plus MSP, and SupportCenter Plus products by Zohocorp. This vulnerability impacts Asset Explorer versions before 7710, ServiceDesk Plus versions before 15110, ServiceDesk Plus MSP versions before 14940, and SupportCenter Plus versions before 14940.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.2

Affected Packages4 packages

▶CVEListV5manageengine/servicedesk_plus< 15110

▶CVEListV5manageengine/servicedesk_plus_msp< 14940

▶CVEListV5manageengine/supportcenter_plus< 14940

▶CVEListV5manageengine/asset_explorer< 7710

🔴Vulnerability Details

GHSA

GHSA-2v7m-x9p5-qp96: There is an improper privilege management vulnerability identified in ManageEngine's Asset Explorer, ServiceDesk Plus, ServiceDesk Plus MSP, and Suppo↗2025-08-20

▶

CVEList

User privilege escalation vulnerability↗2025-08-20

▶