CVE-2025-1723

high

Description

Zohocorp ManageEngine ADSelfService Plus versions 6510 and below are vulnerable to account takeover due to the session mishandling. Valid account holders in the setup only have the potential to exploit this bug.

References

https://securityonline.info/cve-2025-1723-zoho-patches-account-takeover-vulnerability-in-adselfservice-plus/

https://www.manageengine.com/products/self-service-password/advisory/CVE-2025-1723.html

Details

Source: Mitre, NVD

Published: 2025-03-03

Updated: 2025-03-03

Risk Information

CVSS v2

Base Score: 8.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:N

Severity: High

CVSS v3

Base Score: 8.1

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N