Authenticated SQL Injection in Zohocorp ManageEngine ADAudit Plus
CVE-2025-41403
8.3HIGH
Key Information:
- Vendor
Manageengine
- Status
- Vendor
- CVE Published:
- 22 May 2025
Badges
👾 Exploit Exists📰 News Worthy
What is CVE-2025-41403?
Zohocorp ManageEngine ADAudit Plus is affected by an authenticated SQL injection vulnerability that can be exploited while fetching service account audit data. This flaw may allow attackers with valid credentials to execute arbitrary SQL commands, potentially compromising sensitive data and the overall integrity of the application.
Affected Version(s)
ADAudit Plus 0 < 8511
News Articles

CVE-2025-41403: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in ManageEngine ADAudit Plus - Live Threat Intelligence - Threat Radar | OffSeq.com
Detailed information about CVE-2025-41403: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in ManageEngine ADAudit P
3 weeks ago
References
CVSS V3.1
Score:
8.3
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
- 👾
Exploit known to exist
- 📰
First article discovered by OffSeq
Vulnerability published
Vulnerability Reserved