CVE-2025-8309

HIGH

ManageEngine - Privilege Escalation

Title source: llm

Description

There is an improper privilege management vulnerability identified in ManageEngine's Asset Explorer, ServiceDesk Plus, ServiceDesk Plus MSP, and SupportCenter Plus products by Zohocorp. This vulnerability impacts Asset Explorer versions before 7710, ServiceDesk Plus versions before 15110, ServiceDesk Plus MSP versions before 14940, and SupportCenter Plus versions before 14940.

References (1)

Core 1

Core References

Various Sources

https://www.manageengine.com/products/service-desk/cve-2025-8309.html

Scores

CVSS v3 8.1

EPSS 0.0024

EPSS Percentile 14.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-269

Status published

Products (4)

ManageEngine/Asset Explorer < 7710

ManageEngine/ServiceDesk Plus < 15110

ManageEngine/ServiceDesk Plus MSP < 14940

ManageEngine/SupportCenter Plus < 14940

Published Aug 20, 2025

Tracked Since Feb 18, 2026