VDB

CVE-2025-10020

CVE-2025-10020 PUBLISHED CVSS 8.5 HIGH

Zohocorp ManageEngine ADManager Plus version before 8024 are vulnerable to authenticated command injection vulnerability in the Custom Script component.

EPSS 2.13% · 84.5th percentile

Risk Scores

CVSS 3.1
8.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS Score
2.13%
84.5th percentile

Affected Products

VendorProductVersions
ZohocorpManageEngine ADManager Plus0
zohocorpmanageengine_admanager_plus8.0, 8.0, 8.0

Timeline

  • Sep 5, 2025 CVE ID Reserved
  • Oct 21, 2025 Coalition ESS Score
  • Oct 21, 2025 CVE Published
  • Oct 21, 2025 PoC Published
  • Oct 21, 2025 PoC Published
  • Oct 22, 2025 EPSS Score
  • Oct 22, 2025 Coalition ESS Score
  • Oct 23, 2025 Coalition ESS Score
  • Oct 24, 2025 Coalition ESS Score
  • Oct 26, 2025 Coalition ESS Score
  • Oct 28, 2025 EPSS Score
  • Oct 28, 2025 Coalition ESS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›