CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2025-11250

CVSS 9.1v3.1pub. 2026-01-13upd. 2026-01-29

Zohocorp ManageEngine ADSelfService Plus versions before 6519 are vulnerable to Authentication Bypass due to improper filter configurations.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
  • Zohocorp Manageengine Adselfservice Plus

    APP
    Zohocorp
    6.5< 6.5
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2022-47966CRITICAL9.8⚠ KEVten sam produkt

Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code exec...

CVE-2021-40539CRITICAL9.8⚠ KEVten sam produkt

Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass wi...

CVE-2023-35854CRITICAL9.8ten sam produkt

Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited to steal ...

CVE-2022-36413CRITICAL9.1ten sam produkt

Zoho ManageEngine ADSelfService Plus through 6203 is vulnerable to a brute-force attack that leads to a passwo...

CVE-2021-37423CRITICAL9.8ten sam produkt

Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to linked applications takeover.