ManageEngine AssetExplorer 7700 < 7710 Privilege Escalation

medium Nessus Plugin ID 252962

Synopsis

The remote web server hosts an application that is affected by a privilege escalation vulnerability.

Description

The version of ManageEngine AssetExplorer installed on the remote host is prior to 7.7 Build 7710. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-8309 advisory.

- A privilege escalation vulnerability caused by the overly permissive regular expression (regex) rules in URL mapping could be exploited to incorrectly match servlet paths using wildcards. (CVE-2025-8309)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade ManageEngine AssetExplorer to version 7.7 Build 7710 or later.

See Also

http://www.nessus.org/u?49b5e6ca

Plugin Details

Severity: Medium

ID: 252962

File Name: manageengine_assetexplorer_cve-2025-8309.nasl

Version: 1.1

Type: remote

Family: CGI abuses

Published: 8/20/2025

Updated: 8/20/2025

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N

CVSS Score Source: CVE-2025-8309

CVSS v3

Risk Factor: Medium

Base Score: 5.4

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Vulnerability Information

CPE: cpe:/a:zoho:manageengine_assetexplorer

Required KB Items: installed_sw/ManageEngine AssetExplorer

Patch Publication Date: 8/5/2025

Vulnerability Publication Date: 8/5/2025

Reference Information

CVE: CVE-2025-8309