Vendor scorecard
ManageEngine (Zoho)
ManageEngine (Zoho) security disclosure record — CVE volume, CVSS severity mix and product-category breakdown, sourced from the NIST NVD.
CPE: zohocorp, manageengine
Product families
2
Open in latest
101
Inferred — see methodology
Last disclosure
Jan 13, 2026
01
Product categories
2 trackedCVE volume, severity mix and the inferred latest shipping version per category.
| Category | CVEs | Volume | Severity mix | Open | Inferred latest |
|---|---|---|---|---|---|
| OpManager / Network MonitoringNetwork Management & Monitoringmanageengine_opmanager, opmanager, manageengine_oputils | 66 | 51 | 12.7LOW | ||
| ADManager / Endpoint CentralNetwork Management & Monitoringmanageengine_admanager_plus, manageengine_endpoint_central, endpoint_central | 61 | 51 | 11.4.2528.05HIGH |
02
Recent CVEs
12 shownMost recently published, newest first. Each ID links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2025-9435(opens NVD record) | Medium | 5.5 | Zohocorp ManageEngine ADManager Plus versions below 7230 are vulnerable to Path Traversal in the User Management module | Jan 13, 2026 |
| CVE-2025-11670(opens NVD record) | Medium | 6.4 | Zohocorp ManageEngine ADManager Plus versions before 8025 are vulnerable to NTLM Hash Exposure. This vulnerability is exploitable only by technicians who have the “Impersonate as Admin” option enabled. | Dec 15, 2025 |
| CVE-2025-11248(opens NVD record) | Low | 3.2 | ZohoCorp ManageEngine Endpoint Central versions prior to 11.4.2528.05 are vulnerable to a sensitive information logging issue. An authenticated user with access to the logs could potentially obtain the sensitive agent token. | Oct 27, 2025 |
| CVE-2025-10020(opens NVD record) | High | 8.5 | Zohocorp ManageEngine ADManager Plus version before 8024 are vulnerable to authenticated command injection vulnerability in the Custom Script component. | Oct 21, 2025 |
| CVE-2025-7473(opens NVD record) | Medium | 5.2 | Zohocorp ManageEngine EndPoint Central versions 11.4.2516.1 and prior are vulnerable to XML Injection. | Oct 21, 2025 |
| CVE-2025-5496(opens NVD record) | Low | 3.3 | ZohoCorp ManageEngine Endpoint Central versions earlier than 11.4.2508.14, 11.4.2516.06, and 11.4.2518.01 are affected by an arbitrary file deletion vulnerability in the agent setup component. | Oct 21, 2025 |
| CVE-2025-5494(opens NVD record) | Low | 3.9 | ZohoCorp ManageEngine Endpoint Central was impacted by an improper privilege management issue in the agent setup. This issue affects Endpoint Central: through 11.4.2500.25, through 11.4.2508.13. | Sep 25, 2025 |
| CVE-2024-9097(opens NVD record) | Low | 3.5 | ManageEngine Endpoint Central versions before 11.3.2440.09 are vulnerable to IDOR vulnerability which allows the attacker to change the username in the chat. | Feb 5, 2025 |
| CVE-2024-24409(opens NVD record) | High | 8.8 | Zohocorp ManageEngine ADManager Plus versions 7203 and prior are vulnerable to Privilege Escalation in the Modify Computers option. | Nov 8, 2024 |
| CVE-2024-10203(opens NVD record) | High | 7.0 | Zohocorp ManageEngine EndPoint Central versions 11.3.2416.21 and below, 11.3.2428.9 and below are vulnerable to Arbitrary File Deletion in the agent installed machines. | Nov 7, 2024 |
| CVE-2024-48878(opens NVD record) | High | 8.3 | Zohocorp ManageEngine ADManager Plus versions 7241 and prior are vulnerable to SQL Injection in Archived Audit Report. | Nov 4, 2024 |
| CVE-2024-38868(opens NVD record) | High | 7.6 | Zohocorp ManageEngine Endpoint Central affected by Incorrect authorization vulnerability while isolating the devices.This issue affects Endpoint Central: before 11.3.2406.08 and before 11.3.2400.15 | Aug 30, 2024 |
117 CVEs · 2 product families