NTLM Hash Exposure Vulnerability_CVE-2025-11670

6.4 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Description

Zohocorp ManageEngine ADManager Plus versions before 8025 are vulnerable to NTLM Hash Exposure.
This vulnerability is exploitable only by technicians who have the “Impersonate as Admin” option enabled.

Basic Information

ID CVE-2025-11670

Source Zohocorp

Published Dec 15, 2025 at 11:11

Affected Product

Vendor Zohocorp

Product ManageEngine ADManager Plus

Affected Versions Zohocorp ManageEngine ADManager Plus 0

CWE Classification

CWE-200

References

www.manageengine.com /products/ad-manager/admanager-kb/cve-2025-11670.html

{
    "lastseen": "",
    "description": "Zohocorp ManageEngine ADManager Plus versions before 8025 are vulnerable to\u00a0NTLM Hash Exposure.\u00a0\nThis vulnerability is exploitable only by technicians who have the \u201cImpersonate as Admin\u201d option enabled.",
    "published": "2025-12-15T11:11:13.348Z",
    "modified": "2025-12-15T11:11:13.348Z",
    "type": "cve",
    "title": "NTLM Hash Exposure Vulnerability",
    "source": "Zohocorp",
    "references": "https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2025-11670.html",
    "id": "CVE-2025-11670",
    "bulletinFamily": "",
    "cwe": [
        "CWE-200"
    ],
    "cvelist": null,
    "sourceData": "Zohocorp ManageEngine ADManager Plus 0",
    "sourceHref": "",
    "cvss": {
        "score": 6.4,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "ManageEngine ADManager Plus",
    "version": "0",
    "vendor": "Zohocorp",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}