CVE-2025-9435 — Path Traversal in Manageengine Admanager Plus

CWE-22 — Path Traversal4 documents4 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 95.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zohocorp Manageengine Admanager Plus

Timeline

PublishedJan 13

Description

Zohocorp ManageEngine ADManager Plus versions below 7230 are vulnerable to Path Traversal in the User Management module

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:LExploitability: 2.1 | Impact: 3.4

Affected Packages2 packages

▶CVEListV5zohocorp/manageengine_admanager_plus< 7230

▶NVDzohocorp/manageengine_admanager_plus< 7.2+1

Patches

Patch: www.manageengine.com ↗

🔴Vulnerability Details

CVEList

Path Traversal↗2026-01-13

▶

GHSA

GHSA-85xf-m3mr-6pq2: Zohocorp ManageEngine ADManager Plus versions below 7230 are vulnerable to Path Traversal in the User Management module↗2026-01-13

▶

🕵️Threat Intelligence

Wiz

CVE-2025-9435 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶