CVE-2025-9223 | THREATINT

Description

Zohocorp ManageEngine Applications Manager versions 178100 and below are vulnerable to authenticated command injection vulnerability due to the improper configuration in the execute program action feature.

PUBLISHED Reserved 2025-08-20 | Published 2025-11-11 | Updated 2025-11-13 | Assigner Zohocorp

HIGH: 8.8CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

Product status

Default status

unaffected

Any version before 178200

affected

References

www.manageengine.com/.../security-updates-cve-2025-9223.html

cve.org (CVE-2025-9223)

nvd.nist.gov (CVE-2025-9223)

Download JSON