CVE-2025-11248: Enhancement in Log Handling and Validation Mechanism

This document addresses an Enhancement in Log Handling and Validation Mechanism in Endpoint Central agent

CVE ID: CVE-2025-11248

Severity: Medium

Release date: Sept 16, 2025

Released build: 11.4.2528.05

What was the problem?

In certain scenarios, an authenticated user with access to logs could potentially replay valid requests. While no misuse has been identified, this issue has been addressed by enhancing the validation mechanisms to prevent such occurrences.

How do I fix it?

To upgrade, follow the steps below:

1. Login to your Endpoint Central console, click on your current build number on the top right corner.
2. You'll be able to find the latest build applicable to you. Download the PPM and update.

Credits

Conor McNally via ManageEngine's Bug Bounty program.

Help

For any further questions or concerns on this, please write to our support team at endpointcentral-support@manageengine.com