CVE-2025-5496

Summary

ZohoCorp ManageEngine Endpoint Central versions earlier than 11.4.2508.14, 11.4.2516.06, and 11.4.2518.01 are affected by an arbitrary file deletion vulnerability in the agent setup component.

Affected Software

VendorProductVersion RangeStatus
ZohocorpEndpoint Central0 < 11.4.2508.14affected
ZohocorpEndpoint Central0 < 11.4.2516.06affected
ZohocorpEndpoint Central0 < 11.4.2518.01affected

Weaknesses

  • CWE-269: CWE-269 Improper Privilege Management

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References