ManageEngine Endpoint Central XML Injection Vulnerability

Vulnerability

An XML injection vulnerability has been identified in ManageEngine Endpoint Central versions through 11.4.2516.1. A non-admin user could use a specially crafted XML file to perform actions typically reserved for administrators.

Impact

Exploitation of this vulnerability could allow a non-admin user to execute administrative actions within Endpoint Central.

Remediation

Users can upgrade to Endpoint Central version 11.4.2516.17 or later to address this vulnerability. Instructions for updating are available in the Endpoint Central documentation.

Added: Oct 21, 2025, 11:16 AM
Updated: Oct 21, 2025, 11:16 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 5.2
remediation: 7.7
relevance: 0.7
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.