CVE-2025-6239

Information disclosure vulnerability in debug-info HTML files of a File/Directory monitor

Vulnerability Details
Severity	Medium
CVE ID	CVE-2025-6239
Affected software versions	Version 176800 and below
Fixed Version	Version 176701 Version 176900 and above
Fixed On	21 July 2025

Details

For customers using the File/Directory monitor with content check enabled, an Information Disclosure vulnerability may arise if a file containing sensitive information from the Applications Manager directory is configured in the monitor. In such cases, this information is exposed via Debug-Info HTML files.

Impact

This vulnerability exposes encrypted database credentials of Applications Manager through Debug-Info HTML files. Authenticated users can access this information if such a File / Directory monitor is configured by the Administrator or Delegated Administrator.

Fix

Applications Manager version 176900 (refer above for other fixed versions) and above fixes this issue by restricting the content check when a file from Applications Manager is configured in File / Directory monitor.

Steps to update

Update your Applications Manager instance to the latest build using the service pack.

Source and Acknowledgements

Find out more about CVE-2025-6239 from the CVE Directory and NIST NVD.

Reported by:

Ngockhanhc311 from FPT NightWolf

Need Help?

For clarification or corrections please contact our support team or email us at appmanager-support@manageengine.com

Loved by customers all over the world

"Standout Tool With Extensive Monitoring Capabilities"

★ ★ ★ ★ ★

It allows us to track crucial metrics such as response times, resource utilization, error rates, and transaction performance. The real-time monitoring alerts promptly notify us of any issues or anomalies, enabling us to take immediate action.

Reviewer Role: Research and Development

"I like Applications Manager because it helps us to detect issues present in our servers and SQL databases."

Carlos Rivero

Tech Support Manager, Lexmark