Vulnerability Database

309,237

Total vulnerabilities in the database

CVE-2025-3444

Zohocorp ManageEngine ServiceDesk Plus MSP and SupportCenter Plus versions below 14920 are vulnerable to authenticated Local File Inclusion (LFI) in the Admin module, where help card content is loaded.

Published: May 22, 2025
Updated: Nov 16, 2025
CVE: CVE-2025-3444
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWEs:

CWE-434

Affected Software
References

Software	From	Fixed in
zohocorp / manageengine_servicedesk_plus_msp	14.9-14900	14.9-14900.x
zohocorp / manageengine_servicedesk_plus_msp	-	14.8.x
zohocorp / manageengine_servicedesk_plus_msp	14.9-14910	14.9-14910.x
zohocorp / manageengine_supportcenter_plus	-	14.8.x
zohocorp / manageengine_supportcenter_plus	14.9-14900	14.9-14900.x
zohocorp / manageengine_supportcenter_plus	14.9-14910	14.9-14910.x

https://www.manageengine.com/products/service-desk-msp/cve-2025-3444.html

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo