CVE-2025-5496 LOW

CVE-2025-5496: Arbitrary File Deletion

Vendor Zohocorp

Product Endpoint Central

Weakness CWE-269

Published October 21, 2025

Last update October 21, 2025

View on NVD All CVEs

CVSS base score

3.3/10

Attack vector Local

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality None

Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

ZohoCorp ManageEngine Endpoint Central versions earlier than 11.4.2508.14, 11.4.2516.06, and 11.4.2518.01 are affected by an arbitrary file deletion vulnerability in the agent setup component.

Key dates

02Disclosure timeline

October 21, 2025 CVE published

October 21, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-5496 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/269.html

Related vulnerabilities

04Related CVE

CVE-2025-8489 King Addons for Elementor – Free Elements, Widgets, Templates, and Features for Elementor 24.12.92 - 51.1.14 - Unauthenticated Privilege Escalation CVE-2024-33550 WordPress WP Masquerade plugin <= 1.1.0 - Authenticated Account Takeover vulnerability CVE-2025-15100 JAY Login & Register <= 2.6.03 - Authenticated (Subscriber+) Privilege Escalation via jay_panel_ajax_update_profile CVE-2023-51546 WordPress WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin <= 4.2.1 - Privilege Escalation vulnerability CVE-2026-12165 Contest Gallery <= 30.0.2 - Authenticated (Author+) Privilege Escalation via 'RegistryUserRole' Parameter

Identifiers

CVE CVE-2025-5496

CWE CWE-269

CVSS 3.3 / LOW

Affected versions

Vendor Zohocorp

Product Endpoint Central

Affected < 11.4.2508.14

Vendor Zohocorp

Product Endpoint Central

Affected < 11.4.2516.06

Vendor Zohocorp

Product Endpoint Central

Affected < 11.4.2518.01