CNNVD-202510-2762 Information

Oct 21, 2025 cve

CNNVD ID

CNNVD-202510-2762

CVE-2025-10020

  • CNNVD Published: 2025-10-21

Description (Chinese)

ZOHO ManageEngine ADManager Plus是美国卓豪(ZOHO)公司的一套为使用Windows域的企业用户设计的微软活动目录管理软件。该软件能够协助AD管理员和帮助台技术人员进行日常管理工作,例如批量管理用户帐户和AD对象、给帮助台技术员指派基于角色的访问权限等。 ZOHO ManageEngine ADManager Plus 8024之前版本存在安全漏洞,该漏洞源于Custom Script组件存在身份验证后的命令注入漏洞。

Description (English)

ZOHO ManageEngine ADManager Plus is a Microsoft Action Directory management software designed for business users using Windows domains in the United States of America. The software can assist AD managers and help desk technicians in day-to-day management, such as bulk management of user accounts and AD objects, and the assignment of role-based access to help desk technicians. ZOHO ManageEngine ADManager Plus 8024 had a security loophole, which arose from the existence of an identification order for the Custom Script component.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

卓豪

Published

2025-10-21

Last Modified

2026-02-24

References

https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2025-10020.html

Patch

https://www.manageengine.com/products/ad-manager/service-pack.html

Share on: