CVE-2025-5496

EUVD-2025-35163
ZohoCorp ManageEngine Endpoint Central versions earlier than 11.4.2508.14, 11.4.2516.06, and 11.4.2518.01 are affected by an arbitrary file deletion vulnerability in the agent setup component.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.3 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
ZohocorpCNA
3.3 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
zohocorpmanageengine_endpoint_central
𝑥
< 11.4.2508.14
zohocorpmanageengine_endpoint_central
11.4.2510.01 ≤
𝑥
< 11.4.2516.06
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.manageengine.com/products/desktop-central/kb/arbitrary-file-deletion-allows-local-privilege-escalation.html