CNNVD-202512-2709 Information

Dec 15, 2025 cve

CNNVD ID

CNNVD-202512-2709

CVE-2025-11670

  • CNNVD Published: 2025-12-15

Description (Chinese)

ZOHO ManageEngine ADManager Plus是美国卓豪(ZOHO)公司的一套为使用Windows域的企业用户设计的微软活动目录管理软件。该软件能够协助AD管理员和帮助台技术人员进行日常管理工作,例如批量管理用户帐户和AD对象、给帮助台技术员指派基于角色的访问权限等。 ZOHO ManageEngine ADManager Plus 8025之前版本存在安全漏洞,该漏洞源于NTLM哈希暴露,可能导致拥有Impersonate as Admin权限的技术人员利用此漏洞。

Description (English)

ZOHO ManageEngine ADManager Plus is a Microsoft Action Directory management software designed for business users using Windows domains in the United States of America. The software can assist AD managers and help desk technicians in day-to-day management, such as bulk management of user accounts and AD objects, and the assignment of role-based access to help desk technicians. ZOHO ManageEngine ADManager Plus 8025 had a security loophole, which originated in the exposure of NTLM Hashi and could lead to its exploitation by technicians with Impersonate as Admin privileges.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

卓豪

Published

2025-12-15

Last Modified

2026-02-24

References

https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2025-11670.html

Patch

https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2025-11670.html

Share on: