CVE-2025-9223HIGH 8.8EPSS p88.8%

CVE-2025-9223CVE-2025-9223

Description

Zohocorp ManageEngine Applications Manager versions 178100 and below are vulnerable to authenticated command injection vulnerability due to the improper configuration in the execute program action feature.

Scoring

CVSS 3.18.8 (HIGH)
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS3.85% probability of exploitation · percentile 88.8% · 2026-06-19T12:03:05Z
Published2025-11-11
Last modified2026-04-15

Underlying weaknesses· 1

CWE-77

References

  1. https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2025-9223.html

1

TypeTargetConfidenceTier
WeaknessImproper Neutralization of Special Elements used in a Command ('Command Injection')cwe-770%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-10020
CVE
CVE-2025-8324
CVE
CVE-2025-41403
CVE
CVE-2025-41444
CVE
CVE-2025-9428
CVE
CVE-2025-36528
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.