CVE-2025-10020

HIGH 8.5

Command Injection

CVSS Score

8.5

EPSS Score

0.0%

EPSS Percentile

0th

Zohocorp ManageEngine ADManager Plus version before 8024 are vulnerable to authenticated command injection vulnerability in the Custom Script component.

CWE	CWE-77
Vendor	zohocorp
Product	manageengine admanager plus
Published	Oct 21, 2025
Last Updated	Feb 26, 2026

Stay Ahead of the Next One

Get instant alerts for zohocorp manageengine admanager plus

Be the first to know when new high vulnerabilities affecting zohocorp manageengine admanager plus are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

Zohocorp / ManageEngine ADManager Plus

0 < 8024

References

NVD ↗ CVE.org ↗ EPSS Data ↗

manageengine.com: https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2025-10020.html