A critical security flaw in Zoho’s widely used identity management solution, ADSelfService Plus, has been patched after researchers discovered it could enable attackers to hijack user sessions and compromise sensitive enrollment data.
Tracked as CVE-2025-1723, the high-severity vulnerability underscores the risks of insufficient session validation in authentication systems, particularly when multi-factor authentication (MFA) safeguards are not enforced.
https://gbhackers.com/zoho-adselfservice-plus-flaw/