CVE-2025-1723

EUVD-2025-5812
Zohocorp ManageEngine ADSelfService Plus versions 6510 and below are vulnerable to account takeover due to the session mishandling. Valid account holders in the setup only have the potential to exploit this bug.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.1 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
ManageEngineCNA
8.1 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 31%
Affected Products (NVD)
VendorProductVersion
zohocorpmanageengine_adselfservice_plus
𝑥
< 6.5
zohocorpmanageengine_adselfservice_plus
6.5:6500
zohocorpmanageengine_adselfservice_plus
6.5:6501
zohocorpmanageengine_adselfservice_plus
6.5:6502
zohocorpmanageengine_adselfservice_plus
6.5:6503
zohocorpmanageengine_adselfservice_plus
6.5:6504
zohocorpmanageengine_adselfservice_plus
6.5:6505
zohocorpmanageengine_adselfservice_plus
6.5:6506
zohocorpmanageengine_adselfservice_plus
6.5:6507
zohocorpmanageengine_adselfservice_plus
6.5:6508
zohocorpmanageengine_adselfservice_plus
6.5:6509
zohocorpmanageengine_adselfservice_plus
6.5:6510
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.manageengine.com/products/self-service-password/advisory/CVE-2025-1723.html