Skip to main content

Zoho CVE-2025-27709

| EUVDEUVD-2025-17452 HIGH
SQL Injection (CWE-89)
2025-06-09 0fc0942c-577d-436f-ae8e-945763c79b02
8.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.3 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
Low

Lifecycle Timeline

6
Analysis Updated
Apr 16, 2026 - 06:44 EUVD-patch-fix
executive_summary
Re-analysis Queued
Apr 16, 2026 - 05:29 backfill_euvd_patch
patch_released
Patch available
Apr 16, 2026 - 05:29 EUVD
8511
EUVD ID Assigned
Mar 14, 2026 - 19:21 euvd
EUVD-2025-17452
Analysis Generated
Mar 14, 2026 - 19:21 vuln.today
CVE Published
Jun 09, 2025 - 11:15 nvd
HIGH 8.3

DescriptionCVE.org

Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the Service Account Auditing reports.

AnalysisAI

A SQL injection vulnerability (CVSS 8.3). High severity vulnerability requiring prompt remediation.

Technical ContextAI

CWE-89 (SQL Injection). CVSS 8.3 indicates high severity.

RemediationAI

Monitor vendor channels for patch availability. Implement input validation and WAF rules as interim mitigation.

More in Zoho

View all
CVE-2016-6600 CRITICAL POC
9.8 Jan 23

Directory traversal vulnerability in the file upload functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remot

CVE-2015-8249 CRITICAL POC
9.8 Sep 28

The FileUploadServlet class in ManageEngine Desktop Central 9 before build 91093 allows remote attackers to upload and e

CVE-2014-5005 HIGH POC
7.5 Oct 21

Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers

CVE-2015-7765 CRITICAL POC
9.0 Oct 09

ZOHO ManageEngine OpManager 11.5 build 11600 and earlier uses a hardcoded password of "plugin" for the IntegrationUser a

CVE-2015-7766 CRITICAL POC
9.0 Oct 09

PGSQL:SubmitQuery.do in ZOHO ManageEngine OpManager 11.6, 11.5, and earlier allows remote administrators to bypass SQL q

CVE-2014-6037 HIGH POC
7.5 Oct 26

Directory traversal vulnerability in the agentUpload servlet in ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8

CVE-2015-7387 HIGH POC
7.5 Sep 28

ZOHO ManageEngine EventLog Analyzer 10.6 build 10060 and earlier allows remote attackers to bypass intended restrictions

CVE-2016-6601 HIGH POC
7.5 Jan 23

Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows rem

CVE-2014-6034 MEDIUM POC
5.0 Dec 04

Directory traversal vulnerability in the com.me.opmanager.extranet.remote.communication.fw.fe.FileCollector servlet in Z

CVE-2014-3996 HIGH POC
7.5 Dec 05

SQL injection vulnerability in the LinkViewFetchServlet servlet in ManageEngine Desktop Central (DC) and Desktop Central

CVE-2017-11512 HIGH POC
7.5 Nov 08

The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the path

CVE-2014-7866 HIGH POC
7.5 Dec 10

Multiple directory traversal vulnerabilities in ZOHO ManageEngine OpManager 8 (build 88xx) through 11.4, IT360 10.3 and

Share

CVE-2025-27709 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy