CVE-2025-9223

Severity: High

Affected Software Versions: Version 178100 and below

Fixed Version:
Version 178200 and above
Version 178001 to 178009

Fixed On: 22 October 2025

Details

When creating/updating the execute program action, the command blacklist validation was bypassed when the attacker specified absolute paths for blacklisted commands, effectively bypassing security controls designed to prevent dangerous operations.

Impact

Authenticated users could execute blacklisted sensitive commands with administrative privileges on Applications Manager servers, potentially compromising system security and integrity.

Fix

Applications Manager version 178200 (refer above for other fixed versions) and above requires super admin approval to execute program actions. New actions remain disabled pending approval, preventing unauthorized command execution.

Steps to Update

Update your Applications Manager instance to the latest build using the service pack.

Source and Acknowledgements

Find out more about CVE-2025-9223 from the CVE Directory and NIST NVD.

Reported by Johan

Need Help?

For clarification or corrections, please contact the support team or email at appmanager-support@manageengine.com.
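
The class of flaw described under Details, as an added example that is not Applications Manager code: a name-based blacklist check that an absolute path slips past, beside a check that normalizes the program name first. The denylist entries, function names and sample command lines are constructed for illustration.

```python
import ntpath

# Constructed denylist; the product's real list is not given in the advisory.
DENYLIST = {"rm", "shutdown", "format"}
# Extensions Windows resolves implicitly when launching a program.
EXECUTABLE_EXTS = {".exe", ".com", ".bat", ".cmd"}


def naive_is_blocked(command_line: str) -> bool:
    """Flawed check: compares the first token verbatim with the denylist."""
    tokens = command_line.split()
    return bool(tokens) and tokens[0] in DENYLIST


def first_token(command_line: str) -> str:
    """Return the program token, honouring a leading quoted path."""
    s = command_line.strip()
    if s[:1] in ('"', "'"):
        end = s.find(s[0], 1)
        return s[1:end] if end != -1 else ""  # unbalanced quote: no token
    return s.split(None, 1)[0] if s else ""


def program_name(token: str) -> str:
    """Reduce a program token to a bare lower-case name."""
    # ntpath.basename splits on both '\\' and '/', so it covers both platforms.
    base = ntpath.basename(token)
    stem, ext = ntpath.splitext(base)
    if ext.lower() in EXECUTABLE_EXTS:
        base = stem
    return base.lower()


def hardened_is_blocked(command_line: str) -> bool:
    """Check the normalized program name; fail closed on unparseable input."""
    token = first_token(command_line)
    if not token:
        return True
    return program_name(token) in DENYLIST


if __name__ == "__main__":
    for cmd in ("rm -rf /tmp/x", "/bin/rm -rf /tmp/x", "/usr/bin/uptime"):
        print(f"{cmd!r}: naive={naive_is_blocked(cmd)} "
              f"hardened={hardened_is_blocked(cmd)}")
```

Name normalization addresses only the absolute-path variant described in this advisory; the fixed versions gate execute program actions behind super admin approval instead of relying on the filter alone.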