CVE-2025-5496

ZohoCorp ManageEngine Endpoint Central versions earlier than 11.4.2508.14, 11.4.2516.06, and 11.4.2518.01 are affected by an arbitrary file deletion vulnerability in the agent setup component.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.3 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
ZohocorpCNA
3.3 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
VendorProductVersion
zohocorpmanageengine_endpoint_central
𝑥
< 11.4.2508.14
zohocorpmanageengine_endpoint_central
11.4.2510.01 ≤
𝑥
< 11.4.2516.06
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.manageengine.com/products/desktop-central/kb/arbitrary-file-deletion-allows-local-privilege-escalation.html