CVE 9.9 CRITICAL

Command Injection_CVE-2025-10020

October 21, 2025 invoker category_cve

9.9 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Description

Zohocorp ManageEngine ADManager Plus version before 8024 are vulnerable to authenticated command injection vulnerability in the Custom Script component.

AI Analysis

Authenticated command injection vulnerability in the Custom Script component of ManageEngine ADManager Plus

Basic Information

ID CVE-2025-10020

Source Zohocorp

Published Oct 21, 2025 at 12:12

Modified Oct 21, 2025 at 13:20

Affected Product

Vendor Zohocorp

Product ManageEngine ADManager Plus

Version before 8024

Affected Versions Zohocorp ManageEngine ADManager Plus 0

CWE Classification

CWE-77

AI Assessment

AI Score 9.9 / 10

AI Severity Critical

Vendor Zohocorp

Product ManageEngine ADManager Plus

Version before 8024

References

www.manageengine.com /products/ad-manager/admanager-kb/cve-2025-10020.html

{
    "lastseen": "",
    "description": "Zohocorp ManageEngine ADManager Plus version before 8024 are vulnerable to authenticated command injection vulnerability in the Custom Script component.",
    "published": "2025-10-21T12:12:02.187Z",
    "modified": "2025-10-21T13:20:28.585Z",
    "type": "cve",
    "title": "Command Injection",
    "source": "Zohocorp",
    "references": "https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2025-10020.html",
    "id": "CVE-2025-10020",
    "bulletinFamily": "",
    "cwe": [
        "CWE-77"
    ],
    "cvelist": null,
    "sourceData": "Zohocorp ManageEngine ADManager Plus 0",
    "sourceHref": "",
    "cvss": {
        "score": 9.9,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "ManageEngine ADManager Plus",
    "version": "before 8024",
    "vendor": "Zohocorp",
    "ai_description": "Authenticated command injection vulnerability in the Custom Script component of ManageEngine ADManager Plus",
    "ai_severity": "Critical",
    "ai_vendor": "Zohocorp",
    "ai_product": "ManageEngine ADManager Plus",
    "ai_version": "before 8024",
    "ai_score": 9.9
}

💭 Join the Security Discussion ❌ Cancel Reply