← back
CVE-2025-8309

User privilege escalation vulnerability

CVSS 8.1 HIGHEPSS 0.2%CWE-269
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.1EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
20 Aug 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
There is an improper privilege management vulnerability identified in ManageEngine's Asset Explorer, ServiceDesk Plus, ServiceDesk Plus MSP, and SupportCenter Plus products by Zohocorp. This vulnerability impacts Asset Explorer versions before 7710, ServiceDesk Plus versions before 15110, ServiceDesk Plus MSP versions before 14940, and SupportCenter Plus versions before 14940.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Affected products
ManageEngine · Asset ExplorerManageEngine · ServiceDesk PlusManageEngine · ServiceDesk Plus MSPManageEngine · SupportCenter Plus

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.manageengine.com/products/service-desk/cve-2025-8309.html