CVE-2025-11248 LOW

CVE-2025-11248: Sensitive Information Logged

Vendor Zohocorp
Product ManageEngine Endpoint Central
Weakness CWE-532 · Sensitive info in logs
Published October 27, 2025
Last update October 27, 2025

CVSS base score

3.2/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N

What the vulnerability does

01Description

ZohoCorp ManageEngine Endpoint Central versions prior to 11.4.2528.05 are vulnerable to a sensitive information logging issue. An authenticated user with access to the logs could potentially obtain the sensitive agent token.

Key dates

02Disclosure timeline

October 27, 2025 CVE published
October 27, 2025 Record updated