Authenticated SQL Injection Vulnerability in Zohocorp ManageEngine ADSelfService Plus
CVE-2025-3833

8.1HIGH

Key Information:

Vendor: Manageengine
Status: Adselfservice Plus
Vendor: CVE Published:; 14 May 2025

🔔 Create Manageengine Vulnerability Alert

What is CVE-2025-3833?

Zohocorp's ManageEngine ADSelfService Plus, specifically versions 6513 and earlier, is susceptible to an authenticated SQL injection vulnerability within its multi-factor authentication (MFA) reporting feature. This vulnerability could potentially allow unauthorized access to sensitive data, emphasizing the importance of implementing security measures to safeguard against such exploits.

Affected Version(s)

ADSelfService Plus 0 < 6514

References

https://www.manageengine.com/products/self-service-passwo...

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 14, 2025
Vulnerability Reserved
Apr 21, 2025