CVE-2025-9223
BaseFortify

Publication date: 2025-11-11

Last updated on: 2025-11-11

Assigner: ManageEngine

Description
Zohocorp ManageEngine Applications Manager versions 178100 and below are vulnerable to an authenticated command injection vulnerability due to improper configuration in the Execute Program action feature.
Meta Information
Published: 2025-11-11
Last Modified: 2025-11-11
Generated: 2026-05-07
AI Q&A: 2025-11-11
EPSS Evaluated: 2026-05-05
NVD
Affected Vendors & Products
Associated CPEs: 1

Vendor    Product                          Version / Range
zohocorp  manageengine_applications_manager  178100 (the description states 178100 and below)
CWE
CWE-77 (Improper Neutralization of Special Elements used in a Command, 'Command Injection'): The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-9223 is a high-severity authenticated command injection vulnerability in ManageEngine Applications Manager versions 178100 and below. It occurs due to a command blacklist bypass in the 'Execute Program' action feature, where attackers can specify absolute paths for blacklisted commands to circumvent security controls. This allows authenticated users to execute sensitive blacklisted commands with administrative privileges on the server. [1]


How can this vulnerability impact me?

This vulnerability can allow an authenticated user to execute sensitive blacklisted commands with administrative privileges on the Applications Manager server. This poses a significant risk to system security and integrity, potentially leading to unauthorized control, data compromise, or disruption of services. [1]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

Detection involves verifying if your ManageEngine Applications Manager version is 178100 or below and checking for unauthorized or suspicious 'Execute Program' actions that may use absolute paths to bypass command blacklists. Since the vulnerability requires authenticated access, review the configuration of 'Execute Program' actions for any unapproved commands or actions created/updated without super admin approval. Specific detection commands are not provided in the resources. [1]
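
The following is an added illustration of the bypass pattern the answers above describe (a name-based command blacklist that a caller sidesteps by supplying an absolute path) together with a review routine of the kind the detection answer says the resources do not provide. It is not ManageEngine's code or configuration format: the blacklist contents, the allowlist, the `command`/`name` record fields and the sample action records are all constructed assumptions for the example.

```python
"""Blacklist bypass via absolute paths, and an audit for it.

Constructed example for the CVE-2025-9223 page. The helper names, the
blacklist, the allowlist and the action records are assumptions, not
ManageEngine's implementation or export format.
"""
import posixpath
import shlex

# Assumed blacklist of "sensitive" programs, keyed by bare name only.
BLACKLIST = {"rm", "sh", "bash", "nc", "powershell", "cmd"}

# Assumed allowlist of fully resolved (POSIX) program paths an operator approved.
ALLOWLIST = {"/usr/bin/df", "/usr/bin/uptime"}


def first_token(command_line):
    """Return the program part of a command line, or None if it is empty
    or unparseable. Backslash-containing lines are treated as Windows-style
    so that path separators are not consumed as escapes."""
    try:
        parts = shlex.split(command_line, posix="\\" not in command_line)
    except ValueError:
        return None
    return parts[0] if parts else None


def naive_is_blocked(command_line):
    """Weak check of the kind the advisory describes: the literal first token
    is compared against the blacklist, so 'rm' is blocked but '/bin/rm' is not."""
    return first_token(command_line) in BLACKLIST


def program_basename(prog):
    """Reduce a program reference to its bare name, accepting POSIX and
    Windows separators and dropping a trailing '.exe'."""
    name = posixpath.basename(posixpath.normpath(prog.replace("\\", "/")))
    if name.lower().endswith(".exe"):
        name = name[:-4]
    return name


def hardened_is_allowed(command_line):
    """Positive control: only an approved, absolute, normalized POSIX program
    path may run. Relative names, blacklisted basenames and anything not on
    the allowlist are denied, so '/bin/rm' and '/usr/bin/../bin/rm' both fail."""
    prog = first_token(command_line)
    if prog is None:
        return False
    normalized = posixpath.normpath(prog.replace("\\", "/"))
    if not posixpath.isabs(normalized):
        return False
    if program_basename(normalized) in BLACKLIST:
        return False
    return normalized in ALLOWLIST


def audit_actions(actions):
    """Review configured Execute Program actions (constructed records with
    'name' and 'command' fields) and return the names of those whose program
    resolves to a blacklisted basename even though the naive check passes them."""
    findings = []
    for action in actions:
        cmd = action["command"]
        prog = first_token(cmd)
        if prog is None:
            continue
        if program_basename(prog) in BLACKLIST and not naive_is_blocked(cmd):
            findings.append(action["name"])
    return findings


# Constructed sample of action records, as an auditor might export them.
SAMPLE_ACTIONS = [
    {"name": "disk-check", "command": "/usr/bin/df -h"},
    {"name": "cleanup", "command": "/bin/rm -rf /opt/ManageEngine/AppManager/working"},
    {"name": "shell-drop", "command": "/bin/bash -c 'id > /tmp/owned'"},
    {"name": "win-shell", "command": "C:\\Windows\\System32\\cmd.exe /c whoami"},
    {"name": "blocked-as-expected", "command": "rm -rf /tmp/x"},
]

if __name__ == "__main__":
    print("naive blocks 'rm -rf /tmp/x':", naive_is_blocked("rm -rf /tmp/x"))
    print("naive blocks '/bin/rm -rf /tmp/x':", naive_is_blocked("/bin/rm -rf /tmp/x"))
    print("hardened allows '/usr/bin/df -h':", hardened_is_allowed("/usr/bin/df -h"))
    print("hardened allows '/bin/rm -rf /tmp/x':", hardened_is_allowed("/bin/rm -rf /tmp/x"))
    print("audit findings:", audit_actions(SAMPLE_ACTIONS))
```

The audit deliberately reports only the records the naive check would have accepted; the hardened check replaces the blacklist with an allowlist of resolved absolute paths, which is the direction the vendor's fix (requiring super admin approval for each action) also takes.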


What immediate steps should I take to mitigate this vulnerability?

Immediately update your ManageEngine Applications Manager to version 178200 or above, as this version includes fixes that require super admin approval for creating or updating 'Execute Program' actions and disables new actions until approved. If updating immediately is not possible, ensure that only super admins can create or update execute program actions and review existing actions for unauthorized commands. Applying the latest service pack is also recommended to mitigate the vulnerability. [1]

