CVE-2025-3833
published 2025-05-14

CVE-2025-3833: Zohocorp ManageEngine ADSelfService Plus versions 6513 and prior are vulnerable to authenticated SQL injection in the MFA reports.

Priority: P2 · 65 · high
CVSS 3.1: 8.1 (AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:N)
EPSS: 27.77% (97.8th percentile)

Affected (9 ranges)

Vendor       Product                                        Version range   Fixed in
manageengine adselfservice_plus                             < 6514          6514
msrc         azl3_openwsman_2.6.8-13_on_azure_linux_3.0
msrc         azure_linux_3.0_arm
msrc         azure_linux_3.0_x64
msrc         cbl2_openwsman_2.6.8-13_on_cbl_mariner_2.0
msrc         cbl_mariner_2.0_arm
msrc         cbl_mariner_2.0_x64
zohocorp     manageengine_adselfservice_plus                < 6.5           6.5
zohocorp     manageengine_adselfservice_plus

Detection & IOCs (extracted from sources)

  • CVE-2025-3833 is an authenticated SQL injection vulnerability in the MFA reports feature of ManageEngine ADSelfService Plus. Monitor for anomalous SQL syntax in requests targeting MFA report endpoints from authenticated sessions.
  • The vulnerability only affects ADSelfService Plus versions 6513 and prior; versions after 6513 contain the fix. Confirm that the patched version is deployed.
  • Exploitation requires authentication; focus detection efforts on authenticated user sessions interacting with MFA report functionality.

CVSS provenance

nvd:          v3.1  8.1  HIGH  CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
vendor_msrc:        7.5  HIGH