CVE-2025-9223
Published: 11 November 2025
Summary
CVE-2025-9223 is a high-severity Command Injection (CWE-77) vulnerability. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 12.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and SI-10 (Information Input Validation).
Deeper analysis
Zohocorp ManageEngine Applications Manager versions 178100 and below are affected by an authenticated command injection vulnerability (CVE-2025-9223) caused by improper configuration of the execute program action feature. The flaw carries a CVSS 3.1 score of 8.8 and is categorized as CWE-77, enabling remote command execution with high impact on confidentiality, integrity, and availability.
An attacker with low-privileged authenticated access can exploit the issue over the network with low complexity and no user interaction, allowing arbitrary command execution on the target system.
The vendor advisory at https://www.manageengine.com/products/applications-manager/security-updates/security-updates-cve-2025-9223.html provides mitigation guidance, including available patches for the affected product versions.
The associated EPSS score has remained flat at 0.0336 with no material rise since disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-84349
Vulnerability details
Zohocorp ManageEngine Applications Manager versions 178100 and below are vulnerable to authenticated command injection vulnerability due to the improper configuration in the execute program action feature.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Authenticated command injection in ManageEngine Applications Manager, a public-facing web application, enables remote code execution via exploitation of the vulnerable execute program action feature (T1190) and arbitrary command execution (T1059).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly prevents command injection by validating and sanitizing user inputs to the execute program action feature.
Addresses the improper configuration in the execute program action feature by enforcing secure configuration settings.
Mitigates the vulnerability through timely patching as recommended in the ManageEngine security advisory.