CVE-2025-3444

EUVD-2025-16111
Zohocorp ManageEngine ServiceDesk Plus MSP and SupportCenter Plus versions below 14920 are vulnerable to authenticated Local File Inclusion (LFI) in the Admin module, where help card content is loaded.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
ZohocorpCNA
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 57%
Affected Products (NVD)
VendorProductVersion
zohocorpmanageengine_servicedesk_plus_msp
𝑥
≤ 14.8
zohocorpmanageengine_servicedesk_plus_msp
14.9:14900
zohocorpmanageengine_servicedesk_plus_msp
14.9:14910
zohocorpmanageengine_supportcenter_plus
𝑥
≤ 14.8
zohocorpmanageengine_supportcenter_plus
14.9:14900
zohocorpmanageengine_supportcenter_plus
14.9:14910
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.manageengine.com/products/service-desk-msp/cve-2025-3444.html