CVE-2025-9223

HIGH

Zohocorp ManageEngine Applications Manager <178100 - Command Injection

Title source: llm

Description

Zohocorp ManageEngine Applications Manager versions 178100 and below are vulnerable to authenticated command injection vulnerability due to the improper configuration in the execute program action feature.

Exploits (1)

nomisec WORKING POC 1 stars

by networkkiller · poc

https://github.com/networkkiller/CVE-2025-9223

View Code ZIP pw:eip

References (1)

[Various Sources] https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2025-9223.html

Scores

CVSS v3 8.8

EPSS 0.0130

EPSS Percentile 79.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-77

Status published

Products (1)

Zohocorp/ManageEngine Applications Manager < 178200

Published Nov 11, 2025

Tracked Since Feb 18, 2026