CVE-2025-10020
Published: 21 October 2025
Description
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Security Summary
CVE-2025-10020 is an authenticated command injection vulnerability (CWE-77) in the Custom Script component of Zohocorp ManageEngine ADManager Plus versions before 8024. Published on 2025-10-21, it carries a CVSS v3.1 base score of 8.5 (AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H), reflecting high severity due to its potential for significant impact across confidentiality, integrity, and availability.
An authenticated attacker with low privileges (PR:L) can exploit this vulnerability over the network (AV:N), though it requires high attack complexity (AC:H) and no user interaction (UI:N). Successful exploitation changes scope (S:C) and enables high-impact outcomes (C:H/I:H/A:H), such as remote command execution on the affected system.
The vendor has published details in a knowledge base article at https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2025-10020.html, which security practitioners should consult for mitigation guidance, including patching to version 8024 or later.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Authenticated command injection (CWE-77) directly enables arbitrary remote command execution (T1059) and exploitation for privilege escalation from low privileges to system-level RCE (T1068).