CVE-2025-11250

Critical CVSS: 9.1

Zohocorp ManageEngine ADSelfService Plus versions before 6519 are vulnerable to Authentication Bypass due to improper filter configurations.

Vendor

Product

CWE

Yayın Tarihi

2026-01-13 14:16:36

Güncelleme

2026-01-29 19:12:29

Source Identifier

0fc0942c-577d-436f-ae8e-945763c79b02

KEV Date Added

CWE-290 Manageengine Adselfservice Plus CRITICAL Zohocorp 2026

https://www.manageengine.com/products/self-service-password/advisory/CVE-2025-11250.html

High

CVE-2026-27655

Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Permissions Based on M…

High

CVE-2026-4107

Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Folder Message Count a…

High

CVE-2026-4108

Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Non-Owner Mailbox Perm…

High

CVE-2026-3879

Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Equipment Mailbox Deta…

High

CVE-2026-3880

Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Public Folder Client P…

High

CVE-2026-28703

Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Mails Exchanged Betwee…