CVE-2025-3444

Published May 22, 2025

Last updated a month ago

CVSS medium 6.5

Overview

Description: Zohocorp ManageEngine ServiceDesk Plus MSP and SupportCenter Plus versions below 14920 are vulnerable to authenticated Local File Inclusion (LFI) in the Admin module, where help card content is loaded.
Source: 0fc0942c-577d-436f-ae8e-945763c79b02
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Secondary
Base score: 6.5
Impact score: 3.6
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM

Weaknesses

0fc0942c-577d-436f-ae8e-945763c79b02: CWE-434

Hype score: Not currently trending

CVE-2025-3444 Zohocorp ManageEngine ServiceDesk Plus MSP and SupportCenter Plus versions below 14920 are vulnerable to authenticated Local File Inclusion (LFI) in the Admin module, w… https://t.co/Lr7mJYESPN
@CVEnew
22 May 2025
381 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F0FFFD50-8AD8-4295-8A53-40146BE6D8AC",
            "versionEndIncluding": "14.8"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:14.9:14900:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4B2B72D2-5FD7-4C7F-BE3F-CDA5064E025A"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:14.9:14910:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D0591674-38E9-4A24-8998-F00D737ECDE7"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "58ED6DA7-4212-4CD1-A428-067D2A30F7A1",
            "versionEndIncluding": "14.8"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:14.9:14900:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B9AABAF1-F12C-4F56-92DD-D93B91663045"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:14.9:14910:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9F3C4C6A-9014-4F33-9B8D-F9B2437FF631"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References