# CVE-2025-5494 Privilege Escalation Vulnerability

This document addresses the specific challenges associated with the privilege escalation vulnerability in Endpoint Central agent.

**CVE**: CVE-2025-5494  
**Severity**: Low  
**Attack Vector**: Local  
**Fixed build**:  
For versions 11.4.2500.25 or below, upgrade to version 11.4.2500.26  
For versions 11.4.2508.13 or below, upgrade to version 11.4.2508.14  
**Fix release date**: 24-Apr-2025  
**Reported by**: Chris Au via ZohoCorp Bug bounty program

## What was the problem?

Privileged file deletion performed by Endpoint Central agent during patch scan can be exploited to elevate privileges to SYSTEM.

## How to fix it?

Upgrading to the latest version is strongly advised due to this vulnerability's severity. To upgrade, follow the below steps:

1. Login to the Endpoint Central console, and click on your current build number in the top right corner.
2. You'll be able to find the latest build applicable to you. **Download the PPM** and update.

For any further questions or concerns on this, please write to our [support team](mailto:endpointcentral-support@manageengine.com).