XML Injection Vulnerability in ZohoCorp ManageEngine EndPoint Central
CVE-2025-7473

5.2MEDIUM

Key Information:

Vendor: Zohocorp
Status: Endpoint Central
Vendor: CVE Published:; 21 October 2025

What is CVE-2025-7473?

ZohoCorp's ManageEngine EndPoint Central versions 11.4.2516.1 and earlier are susceptible to an XML Injection vulnerability. This security flaw allows attackers to manipulate XML data and potentially execute unauthorized commands or data exfiltration. Proper validation and sanitization of XML input are crucial to mitigate risks associated with this vulnerability. Users should promptly review their system and apply updates to secure their installations.

Affected Version(s)

Endpoint Central 0 <= 11.4.2516.1

References

https://www.manageengine.com/products/desktop-central/par...

CVSS V3.1

Score:

5.2

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 21, 2025
Vulnerability Reserved
Jul 11, 2025

JSON

Zohocorp

What is CVE-2025-7473?

Affected Version(s)

References

CVSS V3.1

Timeline