PT-2025-46336 · Manageengine · Zoho Manageengine Applications Manager
Published
2025-10-22
·
Updated
2025-11-11
·
CVE-2025-9223
CVSS v2.0
9.0
High
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
ManageEngine Applications Manager versions 178100 and below
Description
ManageEngine Applications Manager versions 178100 and below are subject to an authenticated command injection issue. This is due to improper configuration within the execute program action feature. The issue could allow for unauthorized command execution on affected systems.
Recommendations
Versions prior to 178100 should be updated.
Fix
Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Zoho Manageengine Applications Manager