CNNVD-202601-2298 Information

Jan 13, 2026 cve

CNNVD ID

CNNVD-202601-2298

CVE-2025-9435

  • CNNVD Published: 2026-01-13

Description (Chinese)

ZOHO ManageEngine ADManager Plus是美国卓豪(ZOHO)公司的一套为使用Windows域的企业用户设计的微软活动目录管理软件。该软件能够协助AD管理员和帮助台技术人员进行日常管理工作,例如批量管理用户帐户和AD对象、给帮助台技术员指派基于角色的访问权限等。 Zoho ManageEngine ADManager Plus 7230之前版本存在安全漏洞,该漏洞源于用户管理模块存在路径遍历。

Description (English)

ZOHO ManageEngine ADManager Plus is a Microsoft Action Directory management software designed for business users using Windows domains in the United States of America. The software can assist AD managers and help desk technicians in day-to-day management, such as bulk management of user accounts and AD objects, and the assignment of role-based access to help desk technicians. Zoho ManageEngine ADManager Plus 7230 had a security loophole, which stemmed from the existence of the user management module.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

卓豪

Published

2026-01-13

Last Modified

2026-02-24

References

https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2025-9435.html

Patch

https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2025-9435.html

Share on: