Zoho ManageEngine ADManager Plus is a comprehensive web-based Active Directory management solution that simplifies User provisioning, Active Directory administration, and IT help desk tasks. Its array of features include Active Directory reports, Bulk User management, Bulk User creation, delegated User management, Active Directory User reporting, Active Directory password reset, and more. This allows IT administrators to manage their directory and easily apply changes within their environment.

Zoho ManageEngine ADManager Plus

Zohocorp ManageEngine ADManager Plus versions before 8025 are vulnerable to NTLM Hash Exposure. 
This vulnerability is exploitable only by technicians who have the “Impersonate as Admin” option enabled.

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-10020	HIGH	8.8	Zoho ManageEngine ADManager Plus	cpe:2.3:a:zohocorp:manageengine_admanager_plus	No	No	Oct 21, 2025
CVE-2024-24409	HIGH	8.8	Zoho ManageEngine ADManager Plus	cpe:2.3:a:zohocorp:manageengine_admanager_plus	No	No	Nov 08, 2024
CVE-2024-48878	HIGH	8.8	Zoho ManageEngine ADManager Plus	cpe:2.3:a:zohocorp:manageengine_admanager_plus	No	No	Nov 04, 2024
CVE-2025-9435	MEDIUM	5.5	Zoho ManageEngine ADManager Plus	cpe:2.3:a:zohocorp:manageengine_admanager_plus	No	Yes	Jan 13, 2026
CVE-2025-11670	MEDIUM	4.3	Zoho ManageEngine ADManager Plus	cpe:2.3:a:zohocorp:manageengine_admanager_plus	No	Yes	Dec 15, 2025

CVE-2025-11670:
Zoho ManageEngine ADManager Plus vulnerability analysis and mitigation

4.3

Related Zoho ManageEngine ADManager Plus vulnerabilities:

Benchmark your Cloud Security Posture

Additional Wiz resources

Cloud Vulnerability DB

Cloud Threat Landscape

PEACH

Ready to see Wiz in action?

CVE-2025-11670: Zoho ManageEngine ADManager Plus vulnerability analysis and mitigation