CVE-2025-36528 is a high-severity vulnerability identified in Zoho Corporation's ManageEngine ADAudit Plus product, specifically affecting versions 8510 and earlier. The vulnerability is classified as an authenticated SQL injection (SQLi) flaw, categorized under CWE-89, which involves improper neutralization of special elements used in SQL commands. This vulnerability occurs within the Service Account Auditing reports functionality of ADAudit Plus. An authenticated attacker with at least low privileges (PR:L) can exploit this flaw remotely (AV:N) without requiring user interaction (UI:N). The vulnerability allows the attacker to inject malicious SQL code due to insufficient input sanitization or parameterization in the affected module. Successful exploitation can lead to high confidentiality and integrity impacts, such as unauthorized data disclosure, data manipulation, or escalation of privileges within the ADAudit Plus database. The availability impact is rated low, indicating that denial of service is less likely or less severe. The CVSS v3.1 base score is 8.3, reflecting the significant risk posed by this vulnerability. No known exploits are currently reported in the wild, and no official patches or mitigation links have been published as of the vulnerability disclosure date (June 9, 2025). Given that ADAudit Plus is widely used for auditing and monitoring Active Directory environments, this vulnerability could be leveraged to compromise sensitive audit logs and user activity data, potentially undermining enterprise security monitoring and compliance efforts.

For European organizations, the impact of CVE-2025-36528 could be substantial, especially for those relying on ManageEngine ADAudit Plus for Active Directory auditing and compliance monitoring. Exploitation could lead to unauthorized access to sensitive audit data, including user activity logs and service account information, which are critical for detecting insider threats and ensuring regulatory compliance (e.g., GDPR). Attackers could manipulate or exfiltrate audit records, impairing forensic investigations and enabling persistent unauthorized access. The integrity of security monitoring data could be compromised, reducing trust in security controls. Although the availability impact is low, the confidentiality and integrity breaches could facilitate further lateral movement within networks or privilege escalation attacks. Organizations in sectors with stringent compliance requirements, such as finance, healthcare, and government, may face increased regulatory and reputational risks if this vulnerability is exploited. The requirement for authentication limits exploitation to insiders or compromised accounts, but the low privilege needed and remote exploitability increase the threat surface.

Given the absence of official patches at the time of disclosure, European organizations should implement the following specific mitigation measures: 1) Restrict access to ADAudit Plus to trusted administrators only, enforcing strict role-based access controls to minimize the number of accounts with sufficient privileges to exploit the vulnerability. 2) Monitor and audit all access to the Service Account Auditing reports module for unusual or unauthorized activity, leveraging existing SIEM solutions to detect potential exploitation attempts. 3) Employ web application firewalls (WAFs) with custom rules to detect and block SQL injection patterns targeting ADAudit Plus endpoints, focusing on the Service Account Auditing reports functionality. 4) Isolate ADAudit Plus servers within segmented network zones with limited inbound access to reduce exposure. 5) Conduct internal penetration testing and code review of ADAudit Plus deployments to identify and remediate injection points if possible. 6) Prepare for rapid patch deployment by establishing communication channels with Zoho for updates and subscribing to vulnerability advisories. 7) Educate administrators about the risks of SQL injection and the importance of credential security to prevent account compromise that could lead to exploitation.