CVE 8.8 HIGH

Command Injection_CVE-2025-9223

November 11, 2025 invoker category_cve

8.8 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

Zohocorp ManageEngine Applications Manager versions 178100 and below are vulnerable to authenticated command injection vulnerability due to the improper configuration in the execute program action feature.

AI Analysis

Authenticated command injection vulnerability due to improper configuration in the execute program action feature

Basic Information

ID CVE-2025-9223

Source Zohocorp

Published Nov 11, 2025 at 13:13

Affected Product

Vendor Zohocorp

Product ManageEngine Applications Manager

Affected Versions Zohocorp ManageEngine Applications Manager 0

CWE Classification

CWE-77

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor Zohocorp

Product ManageEngine Applications Manager

Version 178100 and below

References

www.manageengine.com /products/applications_manager/security-updates/security-updates-cve-2025-9223.html

{
    "lastseen": "",
    "description": "Zohocorp ManageEngine Applications Manager versions 178100 and below are vulnerable to authenticated command injection vulnerability due to the improper configuration in the execute program action feature.",
    "published": "2025-11-11T13:13:24.880Z",
    "modified": "2025-11-11T13:13:24.880Z",
    "type": "cve",
    "title": "Command Injection",
    "source": "Zohocorp",
    "references": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2025-9223.html",
    "id": "CVE-2025-9223",
    "bulletinFamily": "",
    "cwe": [
        "CWE-77"
    ],
    "cvelist": null,
    "sourceData": "Zohocorp ManageEngine Applications Manager 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "ManageEngine Applications Manager",
    "version": "0",
    "vendor": "Zohocorp",
    "ai_description": "Authenticated command injection vulnerability due to improper configuration in the execute program action feature",
    "ai_severity": "High",
    "ai_vendor": "Zohocorp",
    "ai_product": "ManageEngine Applications Manager",
    "ai_version": "178100 and below",
    "ai_score": 8.8
}

💭 Join the Security Discussion ❌ Cancel Reply