Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-8309
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
User privilege escalation vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
There is an improper privilege management vulnerability identified in ManageEngine's Asset Explorer, ServiceDesk Plus, ServiceDesk Plus MSP, and SupportCenter Plus products by Zohocorp. This vulnerability impacts Asset Explorer versions before 7710, ServiceDesk Plus versions before 15110, ServiceDesk Plus MSP versions before 14940, and SupportCenter Plus versions before 14940.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
特权管理不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
ZOHO多款产品 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
ZOHO ManageEngine ServiceDesk Plus等都是美国卓豪(ZOHO)公司的产品。ZOHO ManageEngine ServiceDesk Plus是一套基于ITIL架构的IT服务管理软件。ZOHO ManageEngine AssetExplorer是一套资产管理软件。ZOHO ManageEngine SupportCenter Plus是一种基于 Web 的客户支持软件。 ZOHO多款产品存在安全漏洞,该漏洞源于权限管理不当。以下产品及版本受到影响:ManageEngine
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
ManageEngineAsset Explorer 0 ~ 7710 -
ManageEngineServiceDesk Plus 0 ~ 15110 -
ManageEngineServiceDesk Plus MSP 0 ~ 14940 -
ManageEngineSupportCenter Plus 0 ~ 14940 -
II. Public POCs for CVE-2025-8309
#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2025-8309
Please Login to view more intelligence information
IV. Related Vulnerabilities
Same vendor: ManageEngine
Same weakness: CWE-269
V. Comments for CVE-2025-8309

No comments yet

Leave a comment