What is CVE-2025-1723?

CVE-2025-1723 is a high-severity vulnerability in Manageengine Adselfservice Plus, classified under Improper Authentication. CVSS score: 8.1/10. Published 2025-03-03.

How severe is CVE-2025-1723?

High severity. CVSS v3 base score is 8.1 out of 10.

Auth bypass in Manageengine Adselfservice Plus

CVE-2025-1723

Zohocorp ManageEngine ADSelfService Plus versions 6510 and below are vulnerable to account takeover due to the session mishandling. Valid account holders in the setup only have the potential to exploit this bug.

Vulnerability class: Broken Authentication

EPSS: 0.014 (69.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.1 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N.

Affected products

Manageengine Adselfservice Plus — versions 0
Zohocorp Manageengine_adselfservice_plus — versions 6.5

Weakness classification (CWE)

CWE-287 — Improper Authentication

References

0fc0942c-577d-436f-ae8e-945763c79b02 (Vendor Advisory)

Frequently asked questions

What is CVE-2025-1723?: CVE-2025-1723 is a high-severity vulnerability in Manageengine Adselfservice Plus, classified under Improper Authentication. CVSS score: 8.1/10. Published 2025-03-03.
How severe is CVE-2025-1723?: High severity. CVSS v3 base score is 8.1 out of 10.