CVE-2025-5342

4.3 MEDIUM

📋 TL;DR

This CVE describes a ReDoS (Regular Expression Denial of Service) vulnerability in Zohocorp ManageEngine Exchange Reporter Plus. Attackers can cause denial of service by sending specially crafted search queries that trigger inefficient regular expression processing. Organizations running vulnerable versions of Exchange Reporter Plus are affected.

💻 Affected Systems

Products:
  • Zohocorp ManageEngine Exchange Reporter Plus
Versions: All versions through 5721
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations with search functionality enabled are vulnerable. The vulnerability is in the search module specifically.


⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete service unavailability of Exchange Reporter Plus, potentially disrupting email reporting and monitoring capabilities for extended periods.

🟠

Likely Case

Temporary service degradation or slowdown of the search functionality, requiring service restart to recover normal operations.

🟢

If Mitigated

Minimal impact with proper input validation and rate limiting in place, though some performance degradation may still occur.

🌐 Internet-Facing: MEDIUM - While ReDoS attacks typically require specific input, internet-facing instances are more exposed to automated scanning and attack attempts.
🏢 Internal Only: LOW - Internal-only deployments reduce exposure, though authenticated users could still potentially trigger the vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires understanding of regular expression patterns that trigger catastrophic backtracking. No public exploits are currently available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 5722 or later

Vendor Advisory: https://www.manageengine.com/products/exchange-reports/advisory/CVE-2025-5342.html

Restart Required: No

Instructions:

1. Download the latest version from the ManageEngine website.
2. Run the installer/upgrade package.
3. Follow the upgrade wizard.
4. Verify the upgrade completed successfully.

🔧 Temporary Workarounds

Disable Search Module (applies to: all)

Temporarily disable the vulnerable search functionality until patching can be completed.

Implement Rate Limiting (applies to: all)

Configure a web application firewall or reverse proxy to limit search request frequency.

🧯 If You Can't Patch

  • Implement strict input validation to reject complex search patterns
  • Deploy network-based controls to monitor and block suspicious search activity patterns

🔍 How to Verify

Check if Vulnerable:

Check the Exchange Reporter Plus version in the web interface under Help > About, or examine the installation directory for version files.

Check Version:

Not applicable - version is checked via web interface or installation files

Verify Fix Applied:

Verify the version is 5722 or later in the web interface, and test search functionality with various inputs to ensure normal performance.

📡 Detection & Monitoring

Log Indicators:

  • Unusually long search query processing times
  • Multiple failed search attempts with complex patterns
  • Service restart events following search operations

Network Indicators:

  • High frequency of search requests from single sources
  • Unusually large search query payloads

SIEM Query:

source="exchange-reporter-plus" AND (message="search timeout" OR message="long running query" OR message="service restart")
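As an added example (not from this page, the vendor, or the product), the following Python script applies the log and network indicators above to constructed sample log lines: long-running or timed-out searches, oversized query payloads, and request bursts from a single source. The line layout, field names and thresholds are assumptions for illustration, not Exchange Reporter Plus's actual log format.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in an assumed layout (not the product's real log format).
SAMPLE_LOG = """\
2025-06-01T10:00:01Z client=10.0.0.5 search duration_ms=120 query_len=18 status=ok
2025-06-01T10:00:02Z client=10.0.0.5 search duration_ms=95 query_len=22 status=ok
2025-06-01T10:01:00Z client=198.51.100.7 search duration_ms=30000 query_len=900 status=timeout
2025-06-01T10:01:03Z client=198.51.100.7 search duration_ms=31000 query_len=950 status=timeout
2025-06-01T10:01:05Z client=198.51.100.7 search duration_ms=29500 query_len=910 status=timeout
2025-06-01T10:01:08Z client=198.51.100.7 search duration_ms=30200 query_len=930 status=timeout
2025-06-01T10:02:00Z client=10.0.0.9 search duration_ms=140 query_len=20 status=ok
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) client=(?P<client>\S+) search duration_ms=(?P<ms>\d+) "
                     r"query_len=(?P<qlen>\d+) status=(?P<status>\w+)$")

def parse_line(line):
    """Parse one line into a dict; return None for lines that do not match the layout."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    return {"ts": datetime.strptime(d["ts"], "%Y-%m-%dT%H:%M:%SZ"), "client": d["client"],
            "ms": int(d["ms"]), "qlen": int(d["qlen"]), "status": d["status"]}

def analyze(log_text, slow_ms=5000, max_qlen=512, burst_count=3, window_s=60):
    """Return (indicator, client, value) tuples; thresholds are assumed tuning values."""
    events = [e for e in map(parse_line, log_text.splitlines()) if e]
    findings, per_client = [], defaultdict(list)
    for e in events:
        if e["ms"] >= slow_ms or e["status"] == "timeout":  # log indicator: long/timed-out search
            findings.append(("slow_search", e["client"], e["ms"]))
        if e["qlen"] > max_qlen:                             # network indicator: oversized payload
            findings.append(("oversized_query", e["client"], e["qlen"]))
        per_client[e["client"]].append(e["ts"])
    for client, stamps in per_client.items():                # network indicator: burst per source
        stamps.sort()
        start, peak = 0, 0
        for i, t in enumerate(stamps):
            while (t - stamps[start]).total_seconds() > window_s:
                start += 1
            peak = max(peak, i - start + 1)                  # largest count inside any window
        if peak >= burst_count:
            findings.append(("burst", client, peak))
    return findings
```

Calling analyze(SAMPLE_LOG) flags only 198.51.100.7, which trips all three indicators, while the two normal clients produce no findings; tune slow_ms and max_qlen to the baseline of your own deployment before alerting on them.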
