Home

Description

ZohoCorp ManageEngine Endpoint Central versions prior to 11.4.2528.05 are vulnerable to a sensitive information logging issue. An authenticated user with access to the logs could potentially obtain the sensitive agent token.

PUBLISHED Reserved 2025-10-03 | Published 2025-10-27 | Updated 2025-10-27 | Assigner Zohocorp




LOW: 3.2CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N

Problem types

CWE-532 Insertion of Sensitive Information into Log File

Product status

Default status
unaffected

Any version before 11.4.2528.05
affected

References

www.manageengine.com/.../desktop-central/CVE-2025-11248.html

cve.org (CVE-2025-11248)

nvd.nist.gov (CVE-2025-11248)

Download JSON