ByteOS Network

NVD Vulnerability Details :

CVE-2025-7473

Analyzed

Source-0fc0942c-577d-436f-ae8e-945763c79b02

Published At-21 Oct, 2025 | 11:15

Updated At-23 Oct, 2025 | 14:36

Zohocorp ManageEngine EndPoint Central versions 11.4.2516.1 and prior are vulnerable to XML Injection.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Type	Version	Base score	Base severity	Vector
Secondary	3.1	5.2	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L
Primary	3.1	5.3	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Type: Secondary

Version: 3.1

Base score: 5.2

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L

Type: Primary

Version: 3.1

Base score: 5.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

>>manageengine_endpoint_central>>Versions up to 11.4.2516.01(inclusive)

CWE ID	Type	Source
CWE-91	Secondary	0fc0942c-577d-436f-ae8e-945763c79b02

CWE ID: CWE-91

Type: Secondary

Source: 0fc0942c-577d-436f-ae8e-945763c79b02

Hyperlink	Source	Resource
https://www.manageengine.com/products/desktop-central/parsing-xml-data.html	0fc0942c-577d-436f-ae8e-945763c79b02	Vendor Advisory

Hyperlink: https://www.manageengine.com/products/desktop-central/parsing-xml-data.html

Source: 0fc0942c-577d-436f-ae8e-945763c79b02

Resource:

Vendor Advisory