CVE-2025-1723: Account takeover

8.1 CVSS

Description

Zohocorp ManageEngine ADSelfService Plus versions 6510 and below are vulnerable to account takeover due to session mishandling. Only valid account holders in the setup have the potential to exploit this bug.

Classification

CVE ID: CVE-2025-1723

CVSS Base Severity: HIGH

CVSS Base Score: 8.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Problem Types

CWE-287 Improper Authentication

Affected Products

Vendor: ManageEngine

Product: ADSelfService Plus

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.03% (estimated probability of exploitation in the wild)

EPSS Percentile: 5.52% (share of all scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-04-01 (date the score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-1723
https://www.manageengine.com/products/self-service-password/advisory/CVE-2025-1723.html

Timeline