What is CVE-2025-5494?

CVE-2025-5494 is a low-severity vulnerability in Zohocorp Endpoint Central, classified under Improper Privilege Management. CVSS score: 3.9/10. Published 2025-09-25.

How severe is CVE-2025-5494?

Low severity. CVSS v3 base score is 3.9 out of 10.

Privilege escalation in Zohocorp Endpoint Central

CVE-2025-5494

ZohoCorp ManageEngine Endpoint Central was impacted by an improper privilege management issue in the agent setup. This issue affects Endpoint Central: through 11.4.2500.25, through 11.4.2508.13.

Vulnerability class: Privilege Escalation

EPSS: 0.003 (16.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 3.9 (Low). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L.

Affected products

Zohocorp Endpoint Central — versions 0
Zohocorp Manageengine_endpoint_central

Weakness classification (CWE)

CWE-269 — Improper Privilege Management

References

0fc0942c-577d-436f-ae8e-945763c79b02 (Vendor Advisory)

Frequently asked questions

What is CVE-2025-5494?: CVE-2025-5494 is a low-severity vulnerability in Zohocorp Endpoint Central, classified under Improper Privilege Management. CVSS score: 3.9/10. Published 2025-09-25.
How severe is CVE-2025-5494?: Low severity. CVSS v3 base score is 3.9 out of 10.