Executive Risk Summary
"Zohocorp ManageEngine ADSelfService Plus versions 6510 and below are vulnerable to account takeover due to session mishandling, allowing valid account holders to exploit this bug. This vulnerability can lead to unauthorized access to sensitive information and systems."
Anticipated Attack Path
1. Initial Exploitation: A valid (authenticated) account holder exploits the session mishandling flaw.
2. Privilege Escalation: The attacker gains access to other accounts within the same ADSelfService Plus setup.
3. Lateral Movement: The compromised accounts are potentially used to reach sensitive information and systems.
Am I Vulnerable?
- Verify the installed ManageEngine ADSelfService Plus build: builds 6510 and below are affected.
- Check audit and access logs for signs of unauthorized account access.
- Review the product's session management configuration.
Operational Audit Arsenal
Target Type: Service
Target Asset: ManageEngine ADSelfService Plus
Standard Path: https://www.manageengine.com/products/self-service-password/advisory/CVE-2025-1723.html
Manual Verification Required
This is a non-Windows asset (Zohocorp), so no automated Windows patch check applies. Use the target asset details and the official vendor advisory linked under Standard Path above to verify your installed build against the affected range.
Patch Impact Forecast
Reboot Required: Unlikely
Impact is expected to be minimal, as the patch only affects the ManageEngine ADSelfService Plus component.
Internal Work Notes
Account takeover vulnerability in ManageEngine ADSelfService Plus caused by session mishandling; requires immediate patching to a fixed build and a review of session management configurations.
Data compiled from NVD, MSRC, and CISA KEV Catalog. Intelligence synthesized via AI. Scripts provided for diagnostic purposes under MIT License.