What is the CVSS score of CVE-2025-27709?

CVE-2025-27709 has a CVSS 3.1 base score of 8.3 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L. EPSS exploitation probability: 0.7%.

Which versions of Zoho are affected by CVE-2025-27709?

CVE-2025-27709 is a SQL injection vulnerability affecting an unspecified product with a CVSS score of 8.3, posing significant risk to data confidentiality and integrity.. A patch is available.

How to fix or mitigate CVE-2025-27709?

Within 24 hours: Identify all systems running the affected product and isolate or restrict network access to vulnerable instances. Within 7 days: Apply the vendor-released patch to all affected systems, prioritizing production environments and systems with database access to sensitive data. Within 30 days: Conduct post-patch validation testing and review database access logs for signs of unauthorized queries or compromise during the vulnerability window.

Zoho CVE-2025-27709

EUVD-2025-17452 HIGH

SQL Injection (CWE-89)

2025-06-09 0fc0942c-577d-436f-ae8e-945763c79b02

Information Disclosure SQLi Zoho Manageengine Adaudit Plus

8.3

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

Low

Lifecycle Timeline

Analysis Updated

Apr 16, 2026 - 06:44 EUVD-patch-fix

executive_summary

Re-analysis Queued

Apr 16, 2026 - 05:29 backfill_euvd_patch

patch_released

Patch available

Apr 16, 2026 - 05:29 EUVD

8511

EUVD ID Assigned

Mar 14, 2026 - 19:21 euvd

EUVD-2025-17452

Analysis Generated

Mar 14, 2026 - 19:21 vuln.today

CVE Published

Jun 09, 2025 - 11:15 nvd

HIGH 8.3

DescriptionNVD

Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the Service Account Auditing reports.

AnalysisAI

A SQL injection vulnerability (CVSS 8.3). High severity vulnerability requiring prompt remediation.

Technical ContextAI

CWE-89 (SQL Injection). CVSS 8.3 indicates high severity.

RemediationAI

Monitor vendor channels for patch availability. Implement input validation and WAF rules as interim mitigation.

CVE-2025-27709 vulnerability details – vuln.today

Back