CVE-2025-11670

medium

Description

Zohocorp ManageEngine ADManager Plus versions before 8025 are vulnerable to NTLM Hash Exposure. This vulnerability is exploitable only by technicians who have the “Impersonate as Admin” option enabled.

References

https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2025-11670.html

Details

Source: Mitre, NVD

Published: 2025-12-15

Updated: 2025-12-18

Risk Information

CVSS v2

Base Score: 4

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 4.3

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N