CVE-2025-10020: 
Zoho ManageEngine ADManager Plus vulnerability analysis and mitigation

CVE-2025-10020 is an authenticated command injection vulnerability discovered in Zohocorp ManageEngine ADManager Plus versions before build 8024. The vulnerability was identified in the Custom Script component and was reported by bitxer through Zoho's Bug Bounty program. The issue was disclosed on October 21, 2025, and a fix was released on September 19, 2025 (ManageEngine KB, NVD).

The vulnerability is classified as a command injection flaw (CWE-77) with a CVSS v3.1 base score of 8.8 (HIGH) according to NVD, and 8.5 (HIGH) according to ManageEngine. The CVSS vector string is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating that the vulnerability is network-accessible, requires low attack complexity, needs low privileges, and can result in high impacts to confidentiality, integrity, and availability (NVD).

The vulnerability could allow an authenticated adversary to execute arbitrary commands on the affected system, potentially leading to remote code execution (RCE). This could result in unauthorized access to sensitive data from the server and the ability to execute system commands to compromise the instance (ManageEngine KB).

ManageEngine has released build 8024 to address this vulnerability. Users are advised to update their ADManager Plus instance to the latest build by installing the service pack (ManageEngine KB).