VDB
CVE-2025-10020
CVE-2025-10020
PUBLISHED
CVSS 8.5 HIGH
Zohocorp ManageEngine ADManager Plus version before 8024 are vulnerable to authenticated command injection vulnerability in the Custom Script component.
EPSS 2.13% · 84.5th percentile
Risk Scores
CVSS 3.1
8.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS Score
2.13%
84.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zohocorp | ManageEngine ADManager Plus | 0 |
| zohocorp | manageengine_admanager_plus | 8.0, 8.0, 8.0 |
Timeline
- Sep 5, 2025 CVE ID Reserved
- Oct 21, 2025 Coalition ESS Score
- Oct 21, 2025 CVE Published
- Oct 21, 2025 PoC Published
- Oct 21, 2025 PoC Published
- Oct 22, 2025 EPSS Score
- Oct 22, 2025 Coalition ESS Score
- Oct 23, 2025 Coalition ESS Score
- Oct 24, 2025 Coalition ESS Score
- Oct 26, 2025 Coalition ESS Score
- Oct 28, 2025 EPSS Score
- Oct 28, 2025 Coalition ESS Score