ManageEngine Endpoint Central Improper Privilege Management Vulnerability Allowing Privilege Escalation

Vulnerability

A privilege escalation vulnerability has been identified in ZohoCorp ManageEngine Endpoint Central, specifically in the agent setup. This issue arises from improper privilege management, allowing unauthorized elevation of privileges to the SYSTEM level. The vulnerability affects Endpoint Central versions through 11.4.2500.25 and through 11.4.2508.13.

Impact

Exploitation of this vulnerability allows for unauthorized privilege escalation, with elevated privileges granted to the SYSTEM level.

Remediation

Users can upgrade to version 11.4.2500.26 if they are on version 11.4.2500.25 or below. For those on version 11.4.2508.13 or below, the upgrade to version 11.4.2508.14 is recommended. Instructions for upgrading are available in the ManageEngine Endpoint Central knowledge base.
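The version thresholds above can be applied to an agent inventory with a short script. This is an added example, not ManageEngine's or the advisory publisher's code; the function names and the sample inventory are constructed. It assumes that 11.4.2500.x and 11.4.2508.x are separate release lines and that versions are compared numerically per component.

```python
import re
from typing import Dict, Optional, Tuple

# Thresholds taken from the advisory text above.
BRANCH_A_LAST_AFFECTED = (11, 4, 2500, 25)
BRANCH_A_FIXED = "11.4.2500.26"
BRANCH_B_LAST_AFFECTED = (11, 4, 2508, 13)
BRANCH_B_FIXED = "11.4.2508.14"

def parse_version(text: str) -> Tuple[int, ...]:
    """Parse 'a.b.c.d' into ints so that 2500.9 sorts below 2500.25."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){3}", text, flags=re.ASCII):
        raise ValueError(f"unrecognized version string: {text!r}")
    return tuple(int(part) for part in text.split("."))

def fixed_version_for(text: str) -> Optional[str]:
    """Return the fixed version to upgrade to, or None if not in an affected range."""
    version = parse_version(text)
    if version <= BRANCH_A_LAST_AFFECTED:
        return BRANCH_A_FIXED
    if version[:3] == BRANCH_A_LAST_AFFECTED[:3]:
        return None  # 11.4.2500.26 or later on that line (assumption: already fixed)
    if version <= BRANCH_B_LAST_AFFECTED:
        return BRANCH_B_FIXED
    return None

def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map each host to an action based on its reported agent version."""
    report = {}
    for host, raw in inventory.items():
        try:
            fixed = fixed_version_for(raw)
        except ValueError:
            report[host] = "unknown version, check manually"
            continue
        report[host] = f"upgrade to {fixed}" if fixed else "not in affected range"
    return report

# Constructed sample inventory; hostnames and versions are made up.
SAMPLE_INVENTORY = {
    "ws-001": "11.4.2500.9",   # a plain string comparison would miss this one
    "ws-002": "11.4.2500.26",
    "ws-003": "11.4.2508.13",
    "ws-004": "11.4.2508.14",
    "ws-005": "11.4.2508",     # truncated value from a bad export
}

if __name__ == "__main__":
    for host, action in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {action}")
```

Hosts reported as "unknown version" should be checked directly rather than assumed patched.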

Added: Sep 25, 2025, 2:17 PM
Updated: Sep 25, 2025, 2:17 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 3.3
remediation: 7.7
relevance: 0.6
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.