CVE-2025-1723: Account takeover
First published: Mon Mar 03 2025(Updated: )
Zohocorp ManageEngine ADSelfService Plus versions 6510 and below are vulnerable to account takeover due to the session mishandling. Valid account holders in the setup only have the potential to exploit this bug.
Credit: 0fc0942c-577d-436f-ae8e-945763c79b02
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ADSelfService Plus | <=6510 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-1723?
CVE-2025-1723 has a high severity rating due to the potential for account takeover resulting from session mishandling.
How do I fix CVE-2025-1723?
To mitigate CVE-2025-1723, update Zohocorp ManageEngine ADSelfService Plus to version 6511 or later.
Who is affected by CVE-2025-1723?
CVE-2025-1723 affects all users of Zohocorp ManageEngine ADSelfService Plus versions 6510 and below.
What type of vulnerability is CVE-2025-1723?
CVE-2025-1723 is a session handling vulnerability that can lead to account takeover.
Can valid account holders exploit CVE-2025-1723?
Yes, valid account holders can potentially exploit CVE-2025-1723 due to the mishandling of sessions.
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/title
- agent/references
- agent/first-publish-date
- agent/description
- agent/type
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/author
- agent/source
- agent/severity
- agent/tags
- agent/event
- vendor/zohocorp
- canonical/adselfservice plus