CVE-2025-9223
HIGHCVSS 8.8/10EPSS 3.85%
Last modified
CVE-2025-9223 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. Zohocorp ManageEngine Applications Manager versions 178100 and below are vulnerable to authenticated command injection vulnerability due to the improper configuration in the execute program action feature.. EPSS estimates a 3.85% chance of exploitation in the next 30 days.
Description
Zohocorp ManageEngine Applications Manager versions 178100 and below are vulnerable to authenticated command injection vulnerability due to the improper configuration in the execute program action feature.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
References
Timeline
- Published
- Last Modified
- Status
- Deferred
Frequently Asked Questions
What is CVE-2025-9223?
Zohocorp ManageEngine Applications Manager versions 178100 and below are vulnerable to authenticated command injection vulnerability due to the improper configuration in the execute program action feature.
How severe is CVE-2025-9223?
CVE-2025-9223 has a CVSS score of 8.8/10 (HIGH severity). The EPSS model estimates a 3.85% probability of exploitation in the next 30 days.
How do I fix CVE-2025-9223?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2025-9223?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST