{"id":52102,"date":"2025-06-15T05:02:00","date_gmt":"2025-06-15T05:02:00","guid":{"rendered":""},"modified":"2025-07-08T23:21:30","modified_gmt":"2025-07-09T05:21:30","slug":"cve-2025-36528-authenticated-sql-injection-in-zohocorp-manageengine-adaudit-plus","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-36528-authenticated-sql-injection-in-zohocorp-manageengine-adaudit-plus\/","title":{"rendered":"<strong>CVE-2025-36528: Authenticated SQL Injection in Zohocorp ManageEngine ADAudit Plus<\/strong>"},"content":{"rendered":"<p><strong>Overview<\/strong><\/p>\n<p>A new security vulnerability, tracked as CVE-2025-36528, has been disclosed in Zohocorp ManageEngine ADAudit Plus. It affects versions 8510 and prior of the product and poses a significant threat to the safety and privacy of the data held by organizations running it. In essence, the vulnerability opens the door to authenticated SQL injection attacks, potentially leading to system compromise and data leakage. 
The severity of this issue is underlined by its CVSS score of 8.3, indicating a high-impact threat.<\/p>\n<p><strong>Vulnerability Summary<\/strong><\/p>\n<p>CVE ID: CVE-2025-36528<br \/>\nSeverity: High (8.3\/10)<br \/>\nAttack Vector: Network<br \/>\nPrivileges Required: Low<br \/>\nUser Interaction: Required<br \/>\nImpact: Potential system compromise or data leakage<\/p>\n<p><strong>Affected Products<\/strong><\/p>\n<table><tr><th>Product<\/th><th>Affected Versions<\/th><\/tr><tr><td>Zohocorp ManageEngine ADAudit Plus<\/td><td>Versions 8510 and prior<\/td><\/tr><\/table>\n<p><strong>How the Exploit Works<\/strong><\/p>\n<p>The exploit takes advantage of a lack of proper sanitization of user-supplied input in the Service Account Auditing reports of the affected software. An attacker with authenticated access can inject SQL commands through this input, and those commands then execute in the context of the application&#8217;s database. 
This allows the attacker to view, modify, or delete data, potentially leading to a full compromise of the system.<\/p>\n<p><strong>Conceptual Example Code<\/strong><\/p>\n<p>Given the nature of this vulnerability, an attacker could potentially exploit it using a specially crafted HTTP request. The following pseudocode is a conceptual illustration of how this might occur; the endpoint path and parameter name are illustrative:<\/p>\n<pre><code class=\"\" data-line=\"\">POST \/ADAuditPlus\/ServiceAccountAuditReport HTTP\/1.1\nHost: target.example.com\nContent-Type: application\/json\nAuthorization: Bearer &lt;Authenticated User Token&gt;\n\n{\n&quot;report_parameters&quot;: &quot;&#039;; DROP TABLE users; --&quot;\n}<\/code><\/pre>\n<p>In this example, the attacker submits a maliciously crafted &#8216;report_parameters&#8217; value that contains SQL commands. 
These commands could lead to harmful actions such as the deletion of crucial data tables.<\/p>\n<p><strong>Mitigation and Prevention<\/strong><\/p>\n<p>The vendor, Zohocorp, has released a patch that addresses this vulnerability, and users of the affected versions are urged to apply it as soon as possible. As a temporary mitigation, Web Application Firewalls (WAFs) or Intrusion Detection Systems (IDS) can be used to detect and block SQL injection attempts. These measures are not long-term solutions, however, and should be followed by applying the vendor patch.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Overview The IT world has been alerted to yet another security vulnerability, this time within Zohocorp ManageEngine ADAudit Plus software. As CVE-2025-36528, this vulnerability constitutes a significant threat to the safety and privacy of data stored within organizations utilizing versions 8510 and prior of the ADAudit Plus product. 
In essence, this vulnerability opens the door [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"footnotes":""},"categories":[1],"tags":[],"vendor":[],"product":[],"attack_vector":[74],"asset_type":[],"severity":[],"exploit_status":[],"class_list":["post-52102","post","type-post","status-publish","format-standard","hentry","category-uncategorized","attack_vector-sql-injection"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/52102","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/comments?post=52102"}],"version-history":[{"count":10,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/52102\/revisions"}],"predecessor-version":[{"id":58546,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/52102\/revisions\/58546"}],"wp:attachment":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/media?parent=52102"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/categories?post=52102"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/tags?post=52102"},{"taxonomy":"vendor","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/vendor?post=52102"},{"taxonomy":"product","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/product?post=52102"},{"taxonomy":"attack_vector","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/attack_vector?post=52102"},
{"taxonomy":"asset_type","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/asset_type?post=52102"},{"taxonomy":"severity","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/severity?post=52102"},{"taxonomy":"exploit_status","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/exploit_status?post=52102"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}