Main Vulnerability Database Exploits ID:12106 - Exploit for Security features bypass in ManageEngine Applications Manager - CVE-2025-9223

ID:12106 - Exploit for Security features bypass in ManageEngine Applications Manager - CVE-2025-9223

Published: November 14, 2025

Vulnerability identifier: #VU117629

Vulnerability risk: Medium

CVE-ID: CVE-2025-9223

CWE-ID: CWE-254

Exploitation vector: Remote access

Vulnerable software:
ManageEngine Applications Manager

Link to public exploit:

https://github.com/networkkiller/CVE-2025-9223

Vulnerability description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to improper input validation when creating / updating the execute program action. A remote user can bypass command blacklist and execute restricted commands via the Execute Program action.

Remediation

Install updates from vendor's website.

ID:12106 - Exploit for Security features bypass in ManageEngine Applications Manager - CVE-2025-9223

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human