Cyber Posture

CVE-2025-11250

Critical

Published: 13 January 2026
Modified: 29 January 2026
CVSS Score: 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)
EPSS Score: 0.0012 (30.7th percentile)
Risk Priority: 18 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-11250 is a critical-severity Authentication Bypass by Spoofing (CWE-290) vulnerability in Zohocorp ManageEngine ADSelfService Plus. Its CVSS base score is 9.1 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). Its EPSS score places it at the 30.7th percentile for exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

Prevent: SI-2 (Flaw Remediation) requires identification, reporting, and correction of the authentication bypass flaw in ManageEngine ADSelfService Plus, directly enabling patching to version 6519 or later.

Prevent: AC-3 (Access Enforcement) mandates enforcement of approved authorizations for logical access, directly countering the improper filter configurations that allow authentication bypass.

Prevent: ensure configuration settings for filters and access mechanisms are properly established and enforced, to mitigate the misconfigurations that lead to authentication bypass.

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The vulnerability is an authentication bypass in a public-facing web application (ManageEngine ADSelfService Plus), directly enabling exploitation of public-facing applications for unauthorized access.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Zohocorp ManageEngine ADSelfService Plus versions before 6519 are vulnerable to Authentication Bypass due to improper filter configurations.

Deeper analysis

Zohocorp ManageEngine ADSelfService Plus versions before 6519 are vulnerable to an authentication bypass flaw, tracked as CVE-2025-11250 and published on 2026-01-13. The issue stems from improper filter configurations, mapped to CWE-290, and carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N), indicating critical severity due to high impacts on confidentiality and integrity.

Unauthenticated attackers can exploit this vulnerability remotely over the network with low complexity and no user interaction required. Successful exploitation allows bypassing authentication mechanisms, potentially granting unauthorized access to sensitive data and enabling integrity violations without affecting availability.

The vendor's advisory at https://www.manageengine.com/products/self-service-password/advisory/CVE-2025-11250.html provides details on mitigation, including upgrading to version 6519 or later. Security practitioners should review the advisory for full patch instructions and workarounds.

Details

CWE(s)

CWE-290 (Authentication Bypass by Spoofing)

Affected Products

Vendor: zohocorp
Product: manageengine adselfservice plus
Version: 6.5 (≤ 6.5)

CVEs Like This One

CVE-2025-1723 (same product: Zohocorp ManageEngine ADSelfService Plus)
CVE-2025-9428 (same product class: network monitoring / SIEM)
CVE-2026-28756 (same product class: network monitoring / SIEM)
CVE-2026-4108 (same product class: network monitoring / SIEM)
CVE-2026-28703 (same product class: network monitoring / SIEM)
CVE-2026-27655 (same product class: network monitoring / SIEM)
CVE-2026-3879 (same product class: network monitoring / SIEM)
CVE-2026-4107 (same product class: network monitoring / SIEM)
CVE-2025-11669 (same product class: network monitoring / SIEM)
CVE-2024-41140 (same product class: network monitoring / SIEM)