CVE-2025-41444

EUVD-2025-17450 | Severity: HIGH | 2025-06-09 | 0fc0942c-577d-436f-ae8e-945763c79b02 | CVSS 3.1 base score: 8.3

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: Low

Lifecycle Timeline (3 events)

- EUVD ID Assigned (EUVD-2025-17450): Mar 14, 2026 - 19:21 (source: euvd)
- Analysis Generated: Mar 14, 2026 - 19:21 (source: vuln.today)
- CVE Published: Jun 09, 2025 - 12:15 (source: nvd)

Description

Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the alerts module.

Analysis

Zohocorp ManageEngine ADAudit Plus versions 8510 and prior contain an authenticated SQL injection vulnerability in the alerts module (CWE-89) that allows authenticated users to execute arbitrary SQL commands. An attacker with valid credentials can exploit this network-accessible vulnerability to read sensitive data, modify database contents, or degrade system availability. The CVSS 8.3 score reflects high confidentiality and integrity impact, though authentication is required; real-world exploitation probability and active weaponization status cannot be confirmed without KEV/EPSS data access.

Technical Context

The vulnerability exists in the alerts module of ManageEngine ADAudit Plus, an Active Directory and user access auditing solution commonly deployed in enterprise Windows environments. The root cause is improper input validation and missing parameterization of SQL queries (CWE-89: SQL Injection): user-supplied input from alert configuration or filtering parameters is concatenated directly into SQL statements without proper escaping or use of prepared statements. ADAudit Plus is typically deployed as a Java-based application server with a backend database (MySQL, MSSQL, or Oracle depending on configuration). The CPE would likely be cpe:2.3:a:zohocorp:manageengine_adaudit_plus:*:*:*:*:*:*:*:* with the version constraint <=8510. Because the vulnerability is specifically in the alerts module, the injection point most likely lies in alert query, filtering, or management functionality.

Affected Products

- Vendor: Zohocorp
- Product: ManageEngine ADAudit Plus
- Affected versions: 8510 and all prior versions
- Fixed versions: not specified in the provided data; vendor advisory required
- Module: Alerts module
- Deployment notes: commonly deployed in enterprise Active Directory environments; typically runs on Windows Server with a Java application server and a relational database backend

Priority Score

42 (scale: Low / Medium / High / Critical)

- KEV: 0
- EPSS: +0.7
- CVSS: +42
- POC: 0


CVE-2025-41444 vulnerability details – vuln.today
