CVE-2025-10020

Published Oct 21, 2025

Last updated 4 months ago

CVSS high 8.5

Overview

Description
Zohocorp ManageEngine ADManager Plus version before 8024 are vulnerable to authenticated command injection vulnerability in the Custom Script component.
Source
0fc0942c-577d-436f-ae8e-945763c79b02
NVD status
Analyzed
Products
manageengine_admanager_plus

Risk scores

CVSS 3.1

Type
Primary
Base score
8.8
Impact score
5.9
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

0fc0942c-577d-436f-ae8e-945763c79b02
CWE-77

Social media

Hype score
Not currently trending

  1. ⚠️Vulnerabilidad en productos ManageEngine ❗CVE-2025-10020 ➡️Más info: https://t.co/Mw4f7NTfR0 https://t.co/rAF8AUbDr1

    @CERTpy

    29 Oct 2025

    107 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2025-10020 (CVSS:8.5, HIGH) is Analyzed. Zohocorp ManageEngine ADManager Plus version before 8024 are vulnerable to authenticated command injection vulnerability..https://t.co/IzbLIfC6gd #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre

    @cracbot

    26 Oct 2025

    39 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. ManageEngine ADManager Plus: CVE-2025-10020 A critical authenticated command injection vuln was found in ManageEngine ADManager Plus. If you use it, patch ASAP. For more details, read ZeroPath's blog on this vuln. #AppSec #InfoSec #Vulnerability https://t.co/6ImrHDp9DG

    @ZeroPathLabs

    21 Oct 2025

    51 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CVE-2025-10020 Authenticated Command Injection Vulnerability in ManageEngine ADManager Plus Before 8024 https://t.co/06PKSHyVdm

    @VulmonFeeds

    21 Oct 2025

    60 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  5. **CVE-2025-10020** pertains to an **authenticated command injection vulnerability** in **ManageEngine ADManager Plus** versions prior to 8024. The flaw resides within the **Custom Script component**, which allows authenticated users to execute arbitrary commands on the server

    @CveTodo

    21 Oct 2025

    30 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. [CVE-2025-10020: CRITICAL] Zohocorp ManageEngine ADManager Plus version before 8024 are vulnerable to authenticated command injection vulnerability in the Custom Script component.#cve,CVE-2025-10020,#cybersecurity https://t.co/T5CZbyFio1 https://t.co/BNNQcamicJ

    @CveFindCom

    21 Oct 2025

    57 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. CVE-2025-10020 Zohocorp ManageEngine ADManager Plus version before 8024 are vulnerable to authenticated command injection vulnerability in the Custom Script component. https://t.co/fjVWUbqQ4f

    @CVEnew

    21 Oct 2025

    321 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. Zohocorp ManageEngine ADManager Plus versions before 8025 are vulnerable to NTLM Hash Exposure.  This vulnerability is exploitable only by technicians who have the “Impersonate as Admin” option enabled.CVE-2025-11670
  2. Zohocorp ManageEngine ADManager Plus versions 7203 and prior are vulnerable to Privilege Escalation in the Modify Computers option.CVE-2024-24409
  3. Zohocorp ManageEngine ADManager Plus versions 7241 and prior are vulnerable to SQL Injection in Archived Audit Report.CVE-2024-48878
  4. Zoho ManageEngine Multiple Products Remote Code Execution VulnerabilityCVE-2022-47966
  5. /LoadFrame in Zoho ManageEngine AD Manager Plus build 6590 - 6613 allows attackers to conduct URL Redirection attacks via the src parameter, resulting in a bypass of CSRF protection, or potentially masquerading a malicious URL as trusted.CVE-2017-17552

References

Sources include official advisories and independent security research.