9.1

CVE-2025-11250

EPSS 1.42%
Veröffentlicht 13.01.2026 13:35:18
Zuletzt bearbeitet 29.01.2026 19:12:29
Quelle 0fc0942c-577d-436f-ae8e-945763
CVE-Watchlists
Login
Unerledigt
Login

Authentication Bypass

Zohocorp ManageEngine ADSelfService Plus versions before 6519 are vulnerable to Authentication Bypass due to improper filter configurations.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

NVD 20 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Zohocorp ≫ Manageengine Adselfservice Plus Version < 6.5

Zohocorp ≫ Manageengine Adselfservice Plus Version6.5 Update6500

Zohocorp ≫ Manageengine Adselfservice Plus Version6.5 Update6501

Zohocorp ≫ Manageengine Adselfservice Plus Version6.5 Update6502

Zohocorp ≫ Manageengine Adselfservice Plus Version6.5 Update6503

Zohocorp ≫ Manageengine Adselfservice Plus Version6.5 Update6504

Zohocorp ≫ Manageengine Adselfservice Plus Version6.5 Update6505

Zohocorp ≫ Manageengine Adselfservice Plus Version6.5 Update6506

Zohocorp ≫ Manageengine Adselfservice Plus Version6.5 Update6507

Zohocorp ≫ Manageengine Adselfservice Plus Version6.5 Update6508

Zohocorp ≫ Manageengine Adselfservice Plus Version6.5 Update6509

Zohocorp ≫ Manageengine Adselfservice Plus Version6.5 Update6510

Zohocorp ≫ Manageengine Adselfservice Plus Version6.5 Update6511

Zohocorp ≫ Manageengine Adselfservice Plus Version6.5 Update6512

Zohocorp ≫ Manageengine Adselfservice Plus Version6.5 Update6513

Zohocorp ≫ Manageengine Adselfservice Plus Version6.5 Update6514

Zohocorp ≫ Manageengine Adselfservice Plus Version6.5 Update6515

Zohocorp ≫ Manageengine Adselfservice Plus Version6.5 Update6516

Zohocorp ≫ Manageengine Adselfservice Plus Version6.5 Update6517

Zohocorp ≫ Manageengine Adselfservice Plus Version6.5 Update6518

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.42%	0.693

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
0fc0942c-577d-436f-ae8e-945763c79b02	9.1	3.9	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE-290 Authentication Bypass by Spoofing

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

https://www.manageengine.com/products/self-service-password/advisory/CVE-2025-11250.html

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-11250

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-11250

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-11250

EUVD