CVE-2025-41444

8.3 HIGH

📋 TL;DR

CVE-2025-41444 is an authenticated SQL injection vulnerability in Zohocorp ManageEngine ADAudit Plus, builds 8510 and earlier, reachable through the product's alerts module. An attacker who holds valid ADAudit Plus credentials can inject arbitrary SQL into the backend database and thereby read, alter or delete the audit data the product exists to protect. This matters for any organization that relies on ADAudit Plus for Active Directory auditing or as compliance evidence.

💻 Affected Systems

Products:
  • Zohocorp ManageEngine ADAudit Plus
Versions: 8510 and prior
Operating Systems: Windows Server, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Requires an authenticated ADAudit Plus session with access to the alerts module. Every deployment running build 8510 or earlier is affected regardless of configuration.

📦 What is this software?

ManageEngine ADAudit Plus is Zohocorp's change auditing and reporting product for Active Directory and Windows environments. It collects security events from domain controllers and servers and stores them in its own backend database, which is the data store this SQL injection reaches.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full read/write access to the ADAudit Plus backend database: exfiltration of audit data, tampering with or deletion of the audit trail to hide other activity, escalation to an ADAudit Plus administrator by altering stored account data, and use of the server's position as a trusted AD auditing host for lateral movement into the connected Active Directory environment.

🟠

Likely Case

Unauthorized reading of sensitive audit logs, extraction of user and account data, and manipulation of stored records that undermines the integrity of compliance reporting.

🟢

If Mitigated

Limited impact if the alerts module is reachable only by a small set of trusted administrators, the server sits on a segmented management network, and the patched build (8511 or later) is applied. Note that input validation and parameterized queries are the vendor's fix, not a control the operator can add.

🌐 Internet-Facing: HIGH if the ADAudit Plus console is exposed to the internet; any attacker who obtains or guesses a valid login can exploit it remotely.
🏢 Internal Only: HIGH; any authenticated internal user, or an attacker holding a compromised ADAudit Plus account, can exploit it.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

A valid ADAudit Plus login is required, but that is the only hurdle: once the injectable parameter in the alerts module is known, SQL injection is routinely exploited with standard tooling, so a single phished or reused credential is enough.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 8511 or later

Vendor Advisory: https://www.manageengine.com/products/active-directory-audit/cve-2025-41444.html

Restart Required: Yes

Instructions:

1. Back up the current installation (the ADAudit Plus install directory and its database) before changing anything.
2. Download build 8511 or later from the ManageEngine website.
3. Run the installer to upgrade to version 8511 or later.
4. Restart the ADAudit Plus service and confirm the new build number.

🔧 Temporary Workarounds

Restrict Access to Alerts Module

Operating Systems: all

Using ADAudit Plus role-based access controls, limit which accounts can reach the alerts module to the smallest set of trusted administrators, and disable or remove unused and shared accounts. This shrinks the pool of credentials that can be turned into an exploit.

Network Segmentation

Operating Systems: all

Isolate the ADAudit Plus server from untrusted networks: place it on a management segment, allow console access only from administrator workstations or a jump host, and block direct internet exposure with strict firewall rules.

🧯 If You Can't Patch

  • You cannot fix the vendor's query code yourself; parameterized queries are what the 8511 fix provides. Until you can upgrade, cut the exposed population: restrict the alerts module to the fewest trusted administrator roles, remove stale or shared ADAudit Plus accounts, and enforce strong, unique credentials, because every valid login is an exploitation path.
  • Put a web application firewall with SQL injection rules in front of the console, but treat it as a speed bump rather than a fix: the traffic is authenticated, and injection payloads can be encoded to slip past generic signatures.

🔍 How to Verify

Check if Vulnerable:

Check the ADAudit Plus build number in the web interface (Help > About) or read it from the installation directory on the command line. Any build of 8510 or lower is vulnerable.

Check Version:

On Windows: type "C:\Program Files\ManageEngine\ADAudit Plus\conf\version.info"
On Linux: cat "/opt/ManageEngine/ADAudit Plus/conf/version.info"

(The Linux path contains a space, so it must be quoted or the shell splits it into two arguments.)

Verify Fix Applied:

Confirm the build number reads 8511 or later and that the ADAudit Plus service restarted cleanly. Re-test the alerts module for injection only in a non-production instance and with authorization; probing a production audit system with injection payloads can itself corrupt the data you are trying to protect.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple failed login attempts followed by alerts module access
  • Unexpected database schema changes

Network Indicators:

  • SQL error messages in HTTP responses
  • Unusual database connection patterns from ADAudit Plus server

SIEM Query:

source="ADAudit Plus" AND (event="SQL Error" OR event="Database Error" OR (uri="/alerts/*" AND status=500))

The inner parentheses make the precedence explicit: the HTTP 500 condition is meant to apply only to requests under /alerts/, not to every event. Field names depend on your log source and parsing; map them to whatever your SIEM extracts.
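The three log indicators above and the SIEM query describe the same hunt; the following script runs that hunt offline over a handful of constructed access-log lines. It is an added example, not ManageEngine code or output: the log line layout, the login path /api/json/login, the /alerts/ prefix and the sample entries are all assumptions, so adjust them to what your deployment actually emits. It flags HTTP 500s under /alerts/, URL-decoded URIs carrying common SQL injection markers, and a burst of failed logins from one client followed by alerts-module access.

```python
"""Offline triage of ADAudit Plus-style web access logs for CVE-2025-41444
indicators.

Added example, not ManageEngine code.  The log line layout, the login path
and the /alerts/ prefix are assumptions; adjust them to your deployment.
"""
import re
from collections import defaultdict
from urllib.parse import unquote

# Assumed layout:  <timestamp> <client_ip> <user> "<METHOD> <uri>" <status>
LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) "(\S+) (\S+)" (\d{3})$')

# Generic SQL injection markers, matched against the URL-decoded URI.
SQLI_RE = re.compile(
    r"""(?ix)
      '\s*(?:or|and)\s+\d+\s*=\s*\d+        # x' OR 1=1
    | \bunion\s+(?:all\s+)?select\b         # UNION SELECT
    | ;\s*(?:drop|delete|update)\b          # stacked statements
    | \b(?:sleep|pg_sleep|benchmark)\s*\(   # time-based probes
    | \bwaitfor\s+delay\b
    """
)

LOGIN_PATH = "/api/json/login"   # assumed login endpoint
ALERTS_PREFIX = "/alerts/"       # the uri="/alerts/*" clause of the SIEM query
FAILED_LOGIN_THRESHOLD = 3       # failed logins before a later alerts hit is suspicious

# Constructed sample: three failed logins, a success, two injection attempts
# against the alerts module that error out, then benign auditor traffic.
SAMPLE_LOG = """\
2025-06-01T09:00:01Z 10.0.0.5 jsmith "POST /api/json/login" 401
2025-06-01T09:00:03Z 10.0.0.5 jsmith "POST /api/json/login" 401
2025-06-01T09:00:05Z 10.0.0.5 jsmith "POST /api/json/login" 401
2025-06-01T09:00:09Z 10.0.0.5 jsmith "POST /api/json/login" 200
2025-06-01T09:00:12Z 10.0.0.5 jsmith "GET /alerts/profile?name=x'%20OR%201=1--" 500
2025-06-01T09:00:14Z 10.0.0.5 jsmith "GET /alerts/profile?name=x'%20UNION%20SELECT%20user,pass%20FROM%20accounts--" 500
2025-06-01T09:05:00Z 10.0.0.9 auditor "GET /alerts/profile?name=daily-summary" 200
2025-06-01T09:06:00Z 10.0.0.9 auditor "GET /reports/summary" 200
"""


def parse_line(line):
    """Split one access-log line into a dict, or return None if it does not fit."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, ip, user, method, uri, status = m.groups()
    # Decode percent-encoding so the SQL markers are visible to the regex.
    return {"ts": ts, "ip": ip, "user": user, "method": method,
            "uri": unquote(uri), "status": int(status)}


def triage(log_text):
    """Return one finding dict per indicator hit, in log order."""
    findings = []
    failed_logins = defaultdict(int)  # client_ip -> failed logins seen so far
    for raw in log_text.splitlines():
        ev = parse_line(raw)
        if ev is None:
            continue
        path = ev["uri"].split("?", 1)[0]
        if path == LOGIN_PATH and ev["status"] == 401:
            failed_logins[ev["ip"]] += 1
        if path.startswith(ALERTS_PREFIX):
            if ev["status"] == 500:
                findings.append({"kind": "alerts_500", **ev})
            if failed_logins[ev["ip"]] >= FAILED_LOGIN_THRESHOLD:
                findings.append({"kind": "failed_logins_then_alerts",
                                 "failed": failed_logins[ev["ip"]], **ev})
                failed_logins[ev["ip"]] = 0  # report the sequence once
        if SQLI_RE.search(ev["uri"]):
            findings.append({"kind": "sqli_payload", **ev})
    return findings


def summarize(findings):
    """Count findings per indicator kind."""
    counts = defaultdict(int)
    for f in findings:
        counts[f["kind"]] += 1
    return dict(counts)


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for f in hits:
        print(f"{f['kind']:<26} {f['ts']} {f['ip']} {f['user']} {f['uri']}")
    print(summarize(hits))
```

Against the constructed sample, every finding points at the one client that failed three logins and then sent injection payloads to the alerts module, while the auditor's normal traffic produces nothing. The failed-login rule fires once per client and then resets, so a noisy attacker does not drown the alert; raise FAILED_LOGIN_THRESHOLD if your users mistype passwords often.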

🔗 References

  • Zohocorp ManageEngine advisory for CVE-2025-41444: https://www.manageengine.com/products/active-directory-audit/cve-2025-41444.html
