CVE-2025-36528 | ManageEngine ADAudit Plus - Service Account Auditing reports Operational Intel

Executive Risk Summary

"ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in Service Account Auditing reports, allowing an attacker to potentially extract or modify sensitive data. This vulnerability requires authentication, limiting the attack vector to authorized users."

Anticipated Attack Path

1. Authentication to ManageEngine ADAudit Plus
2. Access to Service Account Auditing reports
3. Injection of malicious SQL code

Am I Vulnerable?

Verify ManageEngine ADAudit Plus version
Review Service Account Auditing reports for suspicious activity
Limit access to authorized personnel

Operational Audit Arsenal

Target Type Windows Service

Target Asset ADAuditPlus.exe

Standard Path C:\Program Files\ManageEngine\ADAuditPlus\bin

Manual Verification Required

This is a non-Windows asset (Zohocorp). Use the target asset details and official path provided above to verify your current version against the official vendor advisories listed below.

Patch Impact Forecast

Reboot Required Unlikely

Minimal, limited to ADAudit Plus service

Internal Work Notes

CVE-2025-36528: ManageEngine ADAudit Plus SQL injection vulnerability - requires authentication, potential data tampering or unauthorized access.

Technical Intelligence & Operational Utilities • Delivered Weekly

Intelligence Sources

Official Advisoryhttps://www.manageengine.com/products/active-directory-audit/cve-2025-36528.html

Related Zohocorp Threats

CVE-2025-8324 CVSS 9.8

ManageEngine Analytics Plus - Analytics Plus Service

CVE-2025-3835 CVSS 9.6

ManageEngine Exchange Reporter Plus - Content Search module

CVE-2025-11250 CVSS 9.1

ManageEngine ADSelfService Plus - Authentication Module

Data compiled from NVD, MSRC, and CISA KEV Catalog. Intelligence synthesized via AI. Scripts provided for diagnostic purposes under MIT License.