CVE-2025-11670
MEDIUMZohocorp Manageengine Admanager Plus < 8.0 - Information Disclosure
Title source: ruleDescription
Zohocorp ManageEngine ADManager Plus versions before 8025 are vulnerable to NTLM Hash Exposure. This vulnerability is exploitable only by technicians who have the “Impersonate as Admin” option enabled.
Scores
CVSS v3
6.4
EPSS
0.0004
EPSS Percentile
11.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Classification
CWE
CWE-200
Status
published
Affected Products (10)
zohocorp/manageengine_admanager_plus
< 8.0
zohocorp/manageengine_admanager_plus
zohocorp/manageengine_admanager_plus
zohocorp/manageengine_admanager_plus
zohocorp/manageengine_admanager_plus
zohocorp/manageengine_admanager_plus
zohocorp/manageengine_admanager_plus
zohocorp/manageengine_admanager_plus
zohocorp/manageengine_admanager_plus
zohocorp/manageengine_admanager_plus
Timeline
Published
Dec 15, 2025
Tracked Since
Feb 18, 2026