CVE-2025-1723

Zohocorp ManageEngine ADSelfService Plus versions 6510 and below are vulnerable to account takeover due to thesession mishandling. Valid account holders in the setup only have the potential to exploit this bug.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.1 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
ManageEngineCNA
8.1 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 5%
VendorProductVersion
zohocorpmanageengine_adselfservice_plus
𝑥
< 6.5
zohocorpmanageengine_adselfservice_plus
6.5:6500
zohocorpmanageengine_adselfservice_plus
6.5:6501
zohocorpmanageengine_adselfservice_plus
6.5:6502
zohocorpmanageengine_adselfservice_plus
6.5:6503
zohocorpmanageengine_adselfservice_plus
6.5:6504
zohocorpmanageengine_adselfservice_plus
6.5:6505
zohocorpmanageengine_adselfservice_plus
6.5:6506
zohocorpmanageengine_adselfservice_plus
6.5:6507
zohocorpmanageengine_adselfservice_plus
6.5:6508
zohocorpmanageengine_adselfservice_plus
6.5:6509
zohocorpmanageengine_adselfservice_plus
6.5:6510
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.manageengine.com/products/self-service-password/advisory/CVE-2025-1723.html