2 matches found
CVE-2025-1723 Account takeover
Zohocorp ManageEngine ADSelfService Plus versions 6510 and below are vulnerable to account takeover due to the session mishandling. Valid account holders in the setup only have the potential to exploit this bug...
CVE-2025-1723
CVE-2025-1723 affects Zohocorp ManageEngine ADSelfService Plus versions 6510 and earlier. The root cause is session mishandling in ADSelfService Plus, which can enable account takeover by valid users, especially when MFA is not enabled. Multiple connected sources (Red Hat advisory, NVD/NCSC/CVE r...