vulnerability

Zoho ManageEngine ServiceDesk Plus: CVE-2025-8309: User privilege escalation vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:S/C:C/I:C/A:N)	Aug 5, 2025	Aug 20, 2025	Aug 22, 2025

Severity

CVSS

(AV:N/AC:L/Au:S/C:C/I:C/A:N)

Published

Aug 5, 2025

Added

Aug 20, 2025

Modified

Aug 22, 2025

Description

ManageEngine ITSM products were vulnerable to user privilege escalation due to insufficiently configured regular expressions regex. It has now been fixed and a patch has been released.

Solution

zoho-manageengine-servicedesk-plus-upgrade-latest

References

CWE-269
CVE-2025-8309
https://attackerkb.com/topics/CVE-2025-8309
URL-https://www.manageengine.com/products/service-desk/cve-2025-8309.html

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today