Improper Privilege Management in ZohoCorp's ManageEngine Endpoint Central
CVE-2025-5494

3.9LOW

Key Information:

Vendor: Zohocorp
Status: Endpoint Central
Vendor: CVE Published:; 25 September 2025

What is CVE-2025-5494?

ZohoCorp's ManageEngine Endpoint Central has been found to have a vulnerability related to improper privilege management in its agent setup. This flaw allows an attacker to potentially escalate privileges, leading to unauthorized access and control over targeted endpoints. Affected versions include 11.4.2500.25 and 11.4.2508.13. It is crucial for users of Endpoint Central to assess their exposure to this vulnerability and implement necessary security measures.

Affected Version(s)

Endpoint Central 0 <= 11.4.2500.25

Endpoint Central 0 <= 11.4.2508.13

References

https://www.manageengine.com/products/desktop-central/pri...

CVSS V3.1

Score:

3.9

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 25, 2025
Vulnerability Reserved
Jun 3, 2025

JSON

Zohocorp

What is CVE-2025-5494?

Affected Version(s)

References

CVSS V3.1

Timeline