Authenticated SQL Injection Vulnerability in Zoho ManageEngine ADAudit Plus
CVE-2025-3834

8.1HIGH

Key Information:

Vendor: Manageengine
Status: Adaudit Plus
Vendor: CVE Published:; 14 May 2025

🔔 Create Manageengine Vulnerability Alert

What is CVE-2025-3834?

Zoho ManageEngine ADAudit Plus prior to version 8510 has a significant security flaw that allows authenticated users to exploit an SQL injection in the OU History report. This vulnerability could permit attackers to execute arbitrary SQL queries, potentially exposing sensitive information and compromising database security.

Affected Version(s)

ADAudit Plus 0 < 8511

References

https://www.manageengine.com/products/active-directory-au...

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 14, 2025
Vulnerability Reserved
Apr 21, 2025