CVE-2025-9223

HIGH

Zohocorp ManageEngine Applications Manager <178100 - Command Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-9223. PoCs published by networkkiller.

AI-analyzed exploit summary This repository contains a functional PoC for CVE-2025-9223, demonstrating a command execution bypass in ManageEngine Applications Manager's 'Execute Program Action' feature. The exploit leverages flawed blacklist validation to achieve authenticated RCE via absolute paths, environment variables, and script wrappers.

Description

Zohocorp ManageEngine Applications Manager versions 178100 and below are vulnerable to authenticated command injection vulnerability due to the improper configuration in the execute program action feature.

Exploits (1)

nomisec WORKING POC 1 stars
by networkkiller · poc
https://github.com/networkkiller/CVE-2025-9223

This repository contains a functional PoC for CVE-2025-9223, demonstrating a command execution bypass in ManageEngine Applications Manager's 'Execute Program Action' feature. The exploit leverages flawed blacklist validation to achieve authenticated RCE via absolute paths, environment variables, and script wrappers.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: ManageEngine Applications Manager
Auth required
Prerequisites: Authenticated access to Applications Manager · Permissions for 'Execute Program Action' · Network access to target
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (1)

Core 1

Scores

CVSS v3 8.8
EPSS 0.0385
EPSS Percentile 88.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-77
Status published
Products (1)
Zohocorp/ManageEngine Applications Manager < 178200
Published Nov 11, 2025
Tracked Since Feb 18, 2026