ManageEngine (ADAudit Plus, ADSelfService Plus) Family May 2025 Security Update Advisory

May 16 2025

Overview

Zoho(https://www.zohocorp.com/) has released a security update that addresses a vulnerability in its ManageEngine suite of products. Users of affected products are advised to update to the latest version.

Affected Products

ADAudit Plus all build versions below 8511

ADSelfService Plus 6513 and earlier builds

Resolved Vulnerabilities

High Impact SQL Injection Vulnerability (CVE-2025-41444) in ADAudit Plus [1]

High Impact SQL Injection Vulnerability in ADAudit Plus (CVE-2025-41407) [2]

High Impact SQL Injection Vulnerability in ADAudit Plus (CVE-2025-3836) [3]

High Impact SQL Injection Vulnerability in ADAudit Plus (CVE-2025-27709) [4]

High Impact SQL Injection Vulnerability in ADAudit Plus (CVE-2025-36527) [5]

High Impact SQL Injection Vulnerability in ADAudit Plus (CVE-2025-36528) [6]

High Impact SQL Injection Vulnerability in ADAudit Plus (CVE-2025-41403) [7]

High Impact SQL Injection Vulnerability in ADAudit Plus (CVE-2025-3834) [8]

High Impact SQL Injection Vulnerability in ADSelfService Plus (CVE-2025-3833) [9]

Vulnerability Patches

Please follow the security advisory published on May 14 to update to the appropriate version and the latest version.

ADAudit Plus build 8511 version

ADSelfService Plus build 6514 version

Referenced Sites

[1] CVE-2025-41444 – SQL Injection Vulnerability

https://www.manageengine.com/products/active-directory-audit/cve-2025-41444.html

[2] CVE-2025-41407 – SQL Injection Vulnerability

https://www.manageengine.com/products/active-directory-audit/cve-2025-41407.html

[3] CVE-2025-3836 – SQL Injection Vulnerability

https://www.manageengine.com/products/active-directory-audit/cve-2025-3836.html

[4] CVE-2025-27709 – SQL Injection Vulnerability

https://www.manageengine.com/products/active-directory-audit/cve-2025-27709.html

[5] CVE-2025-36527 – SQL Injection Vulnerability

https://www.manageengine.com/products/active-directory-audit/cve-2025-36527.html

[6] CVE-2025-36528 – SQL Injection Vulnerability

https://www.manageengine.com/products/active-directory-audit/cve-2025-36528.html

[7] CVE-2025-41403 – SQL Injection Vulnerability

https://www.manageengine.com/products/active-directory-audit/cve-2025-41403.html

[8] CVE-2025-3834 – SQL Injection Vulnerability

https://www.manageengine.com/products/active-directory-audit/cve-2025-3834.html

[9] CVE-2025-3833 – SQL Injection Vulnerability

https://www.manageengine.com/products/self-service-password/advisory/CVE-2025-3833.html

ManageEngine (ADAudit Plus, ADSelfService Plus) Family May 2025 Security Update Advisory

Overview

Affected Products

Resolved Vulnerabilities

Vulnerability Patches

Referenced Sites

MS Family May 2025 Routine Security Update Advisory

Google Chrome Browser (136.0.7103.113/.114) Security Update Advisory

Overview

Affected Products

Resolved Vulnerabilities

Vulnerability Patches

Referenced Sites

Tags:

MS Family May 2025 Routine Security Update Advisory

Google Chrome Browser (136.0.7103.113/.114) Security Update Advisory