Vendor scorecard
ManageEngine (Zoho)
ManageEngine (Zoho) security disclosure record — CVE volume, CVSS severity mix and product-category breakdown, sourced from the NIST NVD.
CPE: zohocorp, manageengine
Product families
2
Open in latest
101
Inferred — see methodology
Last disclosure
Jan 13, 2026
01
Product categories
2 trackedCVE volume, severity mix and the inferred latest shipping version per category.
| Category | CVEs | Volume | Severity mix | Open | Inferred latest |
|---|---|---|---|---|---|
| ADManager / Endpoint CentralNetwork Management & Monitoringmanageengine_admanager_plus, manageengine_endpoint_central, endpoint_central | 7 | 51 | 11.4.2528.05HIGH | ||
| OpManager / Network MonitoringNetwork Management & Monitoringmanageengine_opmanager, opmanager, manageengine_oputils | 0 | 51 | 12.7LOW |
02
Recent CVEs
7 shownMost recently published, newest first. Each ID links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2025-9435(opens NVD record) | Medium | 5.5 | Zohocorp ManageEngine ADManager Plus versions below 7230 are vulnerable to Path Traversal in the User Management module | Jan 13, 2026 |
| CVE-2025-11670(opens NVD record) | Medium | 6.4 | Zohocorp ManageEngine ADManager Plus versions before 8025 are vulnerable to NTLM Hash Exposure. This vulnerability is exploitable only by technicians who have the “Impersonate as Admin” option enabled. | Dec 15, 2025 |
| CVE-2025-11248(opens NVD record) | Low | 3.2 | ZohoCorp ManageEngine Endpoint Central versions prior to 11.4.2528.05 are vulnerable to a sensitive information logging issue. An authenticated user with access to the logs could potentially obtain the sensitive agent token. | Oct 27, 2025 |
| CVE-2025-10020(opens NVD record) | High | 8.5 | Zohocorp ManageEngine ADManager Plus version before 8024 are vulnerable to authenticated command injection vulnerability in the Custom Script component. | Oct 21, 2025 |
| CVE-2025-7473(opens NVD record) | Medium | 5.2 | Zohocorp ManageEngine EndPoint Central versions 11.4.2516.1 and prior are vulnerable to XML Injection. | Oct 21, 2025 |
| CVE-2025-5496(opens NVD record) | Low | 3.3 | ZohoCorp ManageEngine Endpoint Central versions earlier than 11.4.2508.14, 11.4.2516.06, and 11.4.2518.01 are affected by an arbitrary file deletion vulnerability in the agent setup component. | Oct 21, 2025 |
| CVE-2025-5494(opens NVD record) | Low | 3.9 | ZohoCorp ManageEngine Endpoint Central was impacted by an improper privilege management issue in the agent setup. This issue affects Endpoint Central: through 11.4.2500.25, through 11.4.2508.13. | Sep 25, 2025 |
7 CVEs · 2 product families