CVE-2025-9435

MEDIUM
2026-01-13 0fc0942c-577d-436f-ae8e-945763c79b02
5.5
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

3
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
Patch Released
Jan 29, 2026 - 19:10 nvd
Patch available
CVE Published
Jan 13, 2026 - 14:16 nvd
MEDIUM 5.5

Tags

Path Traversal Manageengine Admanager Plus

Description

Zohocorp ManageEngine ADManager Plus versions below 7230 are vulnerable to Path Traversal in the User Management module

Analysis

Zohocorp ManageEngine ADManager Plus versions below 7230 are vulnerable to Path Traversal in the User Management module [CVSS 5.5 MEDIUM]

Technical Context

Classified as CWE-22 (Path Traversal). Affects the User Management component of Manageengine Admanager Plus. Zohocorp ManageEngine ADManager Plus versions below 7230 are vulnerable to Path Traversal in the User Management module

Affected Products

Vendor: Zohocorp. Product: Manageengine Admanager Plus. Component: User Management.

Remediation

A vendor patch is available — apply it immediately. Validate and sanitize file path inputs. Use allowlists. Restrict network access to the affected service where possible.

Priority Score

28
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +28
POC: 0

Share

CVE-2025-9435 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy