
CVE-2025-9435: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Zohocorp ManageEngine ADManager Plus

Severity: Medium
Tags: Vulnerability, CVE-2025-9435, cve, cve-2025-9435, cwe-22
Published: Tue Jan 13 2026 (01/13/2026, 13:14:03 UTC)
Source: CVE Database V5
Vendor/Project: Zohocorp
Product: ManageEngine ADManager Plus

Description

Zohocorp ManageEngine ADManager Plus versions below 7230 are vulnerable to Path Traversal in the User Management module.

AI-Powered Analysis

AI analysis last updated: 01/13/2026, 13:55:53 UTC

Technical Analysis

CVE-2025-9435 is a path traversal vulnerability (CWE-22) in Zohocorp's ManageEngine ADManager Plus, affecting versions below 7230. It resides in the User Management module, where improper limitation of pathname input allows an authenticated user with limited privileges to traverse directories beyond the intended restricted scope. This can enable unauthorized access to files or directories outside the designated areas, potentially leading to information disclosure, unauthorized modification, or disruption of service. Exploitation is possible over the network (AV:N) with low attack complexity (AC:L), but requires privileges (PR:L) and user interaction (UI:R). The scope is unchanged (S:U), and the impact on confidentiality, integrity, and availability is low to moderate (C:L/I:L/A:L), resulting in a CVSS 3.1 base score of 5.5, categorized as medium severity. No public exploits have been reported yet, but because the flaw sits in a critical Active Directory management tool, exploitation could have serious consequences. The lack of a patch link suggests that a fix may be forthcoming or that users must upgrade to version 7230 or later to remediate. The vulnerability highlights the importance of input validation and secure file handling in enterprise management software.
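The input-validation point above, as an added example that is not ManageEngine's code and does not reproduce the affected module: a generic resolve-then-compare containment check of the kind CWE-22 calls for, beside a naive prefix test that lets traversal through. The directory and file names are constructed, and the function names are hypothetical.

```python
import os
import tempfile

def naive_join(base, user_path):
    """Weak form: prefix test on the unresolved string."""
    candidate = os.path.join(base, user_path)
    if not candidate.startswith(base):
        raise PermissionError("outside base")
    return candidate  # '..' segments are still in the path

def safe_join(base, user_path):
    """Hardened form: resolve first, then compare whole path components."""
    base_real = os.path.realpath(base)
    # realpath collapses '..' and follows symlinks before the comparison.
    candidate = os.path.realpath(os.path.join(base_real, user_path))
    if os.path.commonpath([base_real, candidate]) != base_real:
        raise PermissionError(f"{user_path!r} resolves outside {base_real}")
    return candidate

def is_allowed(base, user_path):
    try:
        safe_join(base, user_path)
        return True
    except (PermissionError, ValueError):  # ValueError: e.g. embedded NUL
        return False

def demo():
    """Build a throwaway tree (constructed names) and test each input."""
    root = tempfile.mkdtemp()
    base = os.path.join(root, "exports")
    os.makedirs(base)
    os.makedirs(os.path.join(root, "exports-old"))   # sibling sharing the prefix
    os.symlink(root, os.path.join(base, "link"))     # symlink leading out of base
    inputs = ["report.csv", "sub/../report.csv", "../secret.txt",
              "../exports-old/x", "link/secret.txt", "/etc/hosts"]
    return {p: is_allowed(base, p) for p in inputs}

if __name__ == "__main__":
    for path, ok in demo().items():
        print(f"{path:22} allowed={ok}")
```

The naive form accepts `../secret.txt` because the unresolved string still begins with the base directory; the hardened form rejects it along with the sibling-prefix, symlink and absolute-path cases.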

Potential Impact

For European organizations, this vulnerability poses a risk to the confidentiality, integrity, and availability of Active Directory management operations. Successful exploitation could allow an attacker with limited privileges to access sensitive configuration files or data outside the intended directory, potentially leading to unauthorized disclosure of sensitive information or modification of critical files. This could disrupt directory services, impact user management workflows, or facilitate further lateral movement within the network. Given that ADManager Plus is widely used in enterprise environments for managing Active Directory and user accounts, the impact could extend to compliance violations, operational disruptions, and increased risk of insider threats or external attacks leveraging compromised AD infrastructure. The requirement for authentication and user interaction reduces the likelihood of widespread automated exploitation but does not eliminate the risk, especially from malicious insiders or targeted attacks. Organizations in Europe with complex AD environments and regulatory requirements around data protection should consider this vulnerability a significant operational risk.

Mitigation Recommendations

1. Upgrade ManageEngine ADManager Plus to version 7230 or later as soon as the patch is available to eliminate the vulnerability.
2. Until patching is possible, restrict access to the User Management module to only trusted and necessary personnel to reduce the attack surface.
3. Implement strict role-based access controls (RBAC) and monitor privilege assignments to ensure no unnecessary privileges are granted.
4. Enable detailed logging and monitoring of file access and directory traversal attempts within the ADManager Plus environment to detect suspicious activity early.
5. Conduct regular security audits and vulnerability assessments on AD management tools and related infrastructure.
6. Educate users about the risks of interacting with potentially malicious inputs or links that could trigger exploitation.
7. Network segmentation and limiting exposure of ADManager Plus interfaces to trusted networks can reduce external attack vectors.
8. Review and harden input validation mechanisms if custom integrations or scripts interact with ADManager Plus to prevent similar vulnerabilities.
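One way to approach the monitoring in recommendation 4, as an added example rather than anything shipped with ADManager Plus: a scan of web access-log lines that undoes nested percent-encoding before looking for `..` path segments. The log format, addresses and request paths are constructed placeholders, not the product's real log layout or endpoints.

```python
import re
from urllib.parse import unquote

REQUEST_RE = re.compile(r'"(?:GET|POST|PUT|DELETE) (?P<target>\S+) HTTP/[\d.]+"')
# '..' counts only as a whole segment: after a delimiter, before '/' or the end.
DOTDOT_SEGMENT = re.compile(r'(?:^|[/=&?;])\.\.(?:/|$)')

def fully_decode(value, max_rounds=5):
    """Undo nested percent-encoding, e.g. %252e -> %2e -> '.'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_traversal(target):
    # Treat backslashes as separators so Windows-style '..\' is caught too.
    normalized = fully_decode(target).replace("\\", "/")
    return bool(DOTDOT_SEGMENT.search(normalized))

def flag_lines(lines):
    """Return (line_number, raw_target) for each request with a '..' segment."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match and has_traversal(match.group("target")):
            hits.append((number, match.group("target")))
    return hits

# Constructed sample lines (placeholder paths, documentation IP range).
SAMPLE_LOG = [
    '192.0.2.10 - tech1 [13/Jan/2026:13:20:01 +0000] "GET /example/export?file=report.csv HTTP/1.1" 200 512',
    '192.0.2.11 - tech2 [13/Jan/2026:13:21:07 +0000] "GET /example/export?file=../../conf/app.xml HTTP/1.1" 200 2048',
    '192.0.2.11 - tech2 [13/Jan/2026:13:21:09 +0000] "GET /example/export?file=..%2f..%2fconf%2fapp.xml HTTP/1.1" 200 2048',
    '192.0.2.11 - tech2 [13/Jan/2026:13:21:12 +0000] "GET /example/export?file=%252e%252e%255cconf HTTP/1.1" 403 0',
    '192.0.2.12 - tech3 [13/Jan/2026:13:25:40 +0000] "GET /example/list?name=v1..2 HTTP/1.1" 200 128',
]

if __name__ == "__main__":
    for number, target in flag_lines(SAMPLE_LOG):
        print(f"line {number}: {target}")
```

Matching on the decoded, separator-normalized target is what catches the double-encoded request on line 4 while leaving the benign `v1..2` value on line 5 alone.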


Technical Details

Data Version: 5.2
Assigner Short Name: Zohocorp
Date Reserved: 2025-08-25T12:33:30.202Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 69664b8ba60475309f2116b0

Added to database: 1/13/2026, 1:41:31 PM

Last enriched: 1/13/2026, 1:55:53 PM

Last updated: 1/14/2026, 6:21:02 AM
