CVE-2025-8309
BaseFortify
Publication date: 2025-08-20
Last updated on: 2025-08-22
Assigner: ManageEngine
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| zohocorp | supportcenter_plus | * |
| zohocorp | asset_explorer | * |
| zohocorp | servicedesk_plus_msp | * |
| zohocorp | servicedesk_plus | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-269 | The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an improper privilege management issue found in ManageEngine's Asset Explorer, ServiceDesk Plus, ServiceDesk Plus MSP, and SupportCenter Plus products. It allows users with certain privileges to potentially perform actions or access resources beyond their authorized permissions.
How can this vulnerability impact me?
The vulnerability can lead to unauthorized access or actions within the affected ManageEngine products, potentially allowing attackers or users to compromise the confidentiality and integrity of data, as indicated by the high impact on confidentiality and integrity in the CVSS score.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update ManageEngine Asset Explorer to version 7710 or later, ServiceDesk Plus to version 15110 or later, ServiceDesk Plus MSP to version 14940 or later, and SupportCenter Plus to version 14940 or later.