CVE-2025-3444

Zohocorp ManageEngine ServiceDesk Plus MSP and SupportCenter Plus versions below 14920 are vulnerable to authenticated Local File Inclusion (LFI) in the Admin module, where help card content is loaded.

Published: May 22, 2025
Updated: May 23, 2025
CVE: CVE-2025-3444
Exploit:

No technical information available.

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
zohocorp / manageengine_servicedesk_plus_msp	14.9-14900	14.9-14900.x
zohocorp / manageengine_servicedesk_plus_msp	-	14.8.x
zohocorp / manageengine_servicedesk_plus_msp	14.9-14910	14.9-14910.x
zohocorp / manageengine_supportcenter_plus	-	14.8.x
zohocorp / manageengine_supportcenter_plus	14.9-14900	14.9-14900.x
zohocorp / manageengine_supportcenter_plus	14.9-14910	14.9-14910.x

https://www.manageengine.com/products/service-desk-msp/cve-2025-3444.html

Vulnerability Database

289,782

CVE-2025-3444