What is CVE-2025-11248?

CVE-2025-11248 is a low-severity vulnerability in Zohocorp Manageengine Endpoint Central, classified under Insertion of Sensitive Information into Log File. CVSS score: 3.2/10. Published 2025-10-27.

How severe is CVE-2025-11248?

Low severity. CVSS v3 base score is 3.2 out of 10.

Information disclosure in Zohocorp Manageengine Endpoint Central

CVE-2025-11248

ZohoCorp ManageEngine Endpoint Central versions prior to 11.4.2528.05 are vulnerable to a sensitive information logging issue. An authenticated user with access to the logs could potentially obtain the sensitive agent token.

EPSS: 0.005 (37.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 3.2 (Low). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N.

Affected products

Zohocorp Manageengine Endpoint Central — versions 0
Zohocorp Manageengine_endpoint_central

Weakness classification (CWE)

CWE-532 — Insertion of Sensitive Information into Log File

References

0fc0942c-577d-436f-ae8e-945763c79b02 (Vendor Advisory)

Frequently asked questions

What is CVE-2025-11248?: CVE-2025-11248 is a low-severity vulnerability in Zohocorp Manageengine Endpoint Central, classified under Insertion of Sensitive Information into Log File. CVSS score: 3.2/10. Published 2025-10-27.
How severe is CVE-2025-11248?: Low severity. CVSS v3 base score is 3.2 out of 10.