Primary

Context

ManageEngine ADManager Plus Authenticated Command Injection Vulnerability Allowing Remote Code Execution

Vulnerability

Patched

A command injection vulnerability has been identified in the Custom Script component of ManageEngine ADManager Plus, affecting versions prior to 8024. This vulnerability allows authenticated users to execute arbitrary commands on the server, potentially leading to remote code execution.

Impact

Exploitation of this vulnerability could allow an authenticated user to execute system commands on the server, potentially leading to unauthorized access to sensitive data or remote code execution.

Remediation

Users are advised to update their ADManager Plus instance to build 8024 or later. Instructions for downloading the latest service pack are available on the ManageEngine website.

Added: Oct 21, 2025, 1:17 PM

Updated: Oct 21, 2025, 8:06 PM

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

10.0

exploitability

4.9

remediation

7.7

relevance

0.8

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

10.0

exploitability

4.9

remediation

7.7

relevance

0.8

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

ManageEngine ADManager Plus Authenticated Command Injection Vulnerability Allowing Remote Code Execution

Vulnerability

Impact

Remediation

Affected Products

ManageEngine ADManager Plus

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating