CVE-2025-9435

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-9435
Zohocorp ManageEngine ADManager Plus versions below 7230 are vulnerable to Path Traversal in the User Management module

5.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.1 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References
Link Resource
https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2025-9435.html Patch Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7200:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7201:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7202:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7203:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7210:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7211:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7212:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7220:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7221:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7222:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7223:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7224:*:*:*:*:*:*
History

No history.

Information

Published : 2026-01-13 14:16

Updated : 2026-01-29 19:10

NVD link : CVE-2025-9435

Mitre link : CVE-2025-9435

CVE.ORG link : CVE-2025-9435

JSON object : View

Products Affected

zohocorp

  • manageengine_admanager_plus
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')