CVE-2025-1723
Published: 03 March 2025
Summary
CVE-2025-1723 is a high-severity Improper Authentication (CWE-287) vulnerability in Zohocorp ManageEngine ADSelfService Plus. Its CVSS base score is 8.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Valid Accounts (T1078). The CVE ranks in the top 47.6% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-12 (Session Termination) and SC-23 (Session Authenticity).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- SC-23 (Session Authenticity): directly protects session authenticity against the mishandling that enables account takeover by low-privilege users.
- AC-12 (Session Termination): enforces proper session termination to prevent exploitation of mishandled sessions leading to unauthorized account access.
- Requires re-authentication for sensitive actions, mitigating account takeover risks from compromised or mishandled sessions.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Session mishandling in a web app with valid low-priv accounts directly enables web session cookie theft/hijacking (T1539) for account takeover and subsequent use of valid accounts (T1078) for unauthorized access/escalation.
NVD Description
Zohocorp ManageEngine ADSelfService Plus versions 6510 and below are vulnerable to account takeover due to the session mishandling. Valid account holders in the setup only have the potential to exploit this bug.
Deeper analysis
CVE-2025-1723 is a vulnerability in Zohocorp ManageEngine ADSelfService Plus versions 6510 and below that enables account takeover through session mishandling. Assigned CWE-287 (Improper Authentication), it carries a CVSS v3.1 base score of 8.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N), indicating high severity: network accessibility, low attack complexity, low privileges required, and no user interaction.
The vulnerability can only be exploited by valid account holders already present in the setup, who require low-level privileges (PR:L). Attackers with such access can leverage session mishandling over the network to achieve account takeover, resulting in high impacts to confidentiality and integrity, such as unauthorized access to other accounts, data exfiltration, or privilege escalation within the affected instance.
The vendor has issued an advisory with mitigation guidance at https://www.manageengine.com/products/self-service-password/advisory/CVE-2025-1723.html, which security practitioners should consult for patch availability and recommended remediation steps.
Details
- CWE(s)