Skip to main content

Manageengine Admanager Plus CVE-2025-9435

MEDIUM
Path Traversal (CWE-22)
2026-01-13 0fc0942c-577d-436f-ae8e-945763c79b02
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

3
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
Patch released
Jan 29, 2026 - 19:10 nvd
Patch available
CVE Published
Jan 13, 2026 - 14:16 nvd
MEDIUM 5.5

DescriptionCVE.org

Zohocorp ManageEngine ADManager Plus versions below 7230 are vulnerable to Path Traversal in the User Management module

AnalysisAI

Zohocorp ManageEngine ADManager Plus versions below 7230 are vulnerable to Path Traversal in the User Management module [CVSS 5.5 MEDIUM]

Technical ContextAI

Classified as CWE-22 (Path Traversal). Affects the User Management component of Manageengine Admanager Plus. Zohocorp ManageEngine ADManager Plus versions below 7230 are vulnerable to Path Traversal in the User Management module

RemediationAI

A vendor patch is available — apply it immediately. Validate and sanitize file path inputs. Use allowlists. Restrict network access to the affected service where possible.

CVE-2023-29084 HIGH POC
7.2 Apr 13

Zoho ManageEngine ADManager Plus before 7181 allows for authenticated users to exploit command injection via Proxy setti

CVE-2022-29457 HIGH POC
8.8 Apr 18

Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131

CVE-2021-37419 HIGH POC
7.5 Sep 21

Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF. Rated high severity (CVSS 7.5), this vulnerabili

CVE-2019-12876 HIGH POC
7.3 Jul 17

Zoho ManageEngine ADManager Plus 6.6.5, ADSelfService Plus 5.7, and DesktopCentral 10.0.380 have Insecure Permissions, l

CVE-2023-31492 MEDIUM POC
6.5 Aug 17

Zoho ManageEngine ADManager Plus version 7182 and prior disclosed the default passwords for the account restoration of u

CVE-2021-37420 MEDIUM POC
6.5 Sep 21

Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to mail spoofing. Rated medium severity (CVSS 6.5), this

CVE-2018-15740 MEDIUM POC
6.1 Aug 28

Zoho ManageEngine ADManager Plus 6.5.7 has XSS on the "Workflow Delegation" "Requester Roles" screen. Rated medium sever

CVE-2021-42002 CRITICAL
9.8 Nov 11

Zoho ManageEngine ADManager Plus before 7115 is vulnerable to a filter bypass that leads to file-upload remote code exec

CVE-2021-38298 CRITICAL
9.8 Oct 07

Zoho ManageEngine ADManager Plus before 7110 is vulnerable to blind XXE. Rated critical severity (CVSS 9.8), this vulner

CVE-2021-37931 CRITICAL
9.8 Oct 07

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execu

CVE-2021-37930 CRITICAL
9.8 Oct 07

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execu

CVE-2021-37929 CRITICAL
9.8 Oct 07

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execu

Share

CVE-2025-9435 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy