CVE-2025-11670
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-12-15
Last updated on: 2025-12-18
Assigner: ManageEngine
Description
Description
Zohocorp ManageEngine ADManager Plus versions before 8025 are vulnerable to NTLM Hash Exposure.
This vulnerability is exploitable only by technicians who have the “Impersonate as Admin” option enabled.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| zohocorp | manageengine_admanager_plus | to 8.0 (exc) |
| zohocorp | manageengine_admanager_plus | 8.0 |
| zohocorp | manageengine_admanager_plus | 8.0 |
| zohocorp | manageengine_admanager_plus | 8.0 |
| zohocorp | manageengine_admanager_plus | 8.0 |
| zohocorp | manageengine_admanager_plus | 8.0 |
| zohocorp | manageengine_admanager_plus | 8.0 |
| zohocorp | manageengine_admanager_plus | 8.0 |
| zohocorp | manageengine_admanager_plus | 8.0 |
| zohocorp | manageengine_admanager_plus | 8.0 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
| CWE-NVD-CWE-noinfo |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Zohocorp ManageEngine ADManager Plus versions before 8025 allows NTLM hash exposure. It can be exploited only by technicians who have the 'Impersonate as Admin' option enabled, potentially allowing them to misuse administrative privileges. [1]
How can this vulnerability impact me? :
The vulnerability can lead to exposure of NTLM hashes, which attackers or malicious technicians with impersonation privileges could use to escalate privileges or move laterally within a network, compromising confidentiality and integrity of systems. [1]
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70