CVE-2025-5343

Q: What is the severity of CVE-2025-5343?

CVE-2025-5343 has a CVSS score of 6.3 (MEDIUM). This stored cross-site scripting vulnerability in ManageEngine Exchange Reporter Plus allows attackers to inject malicious scripts into the Instant Search feature. When users view compromised search results, the scripts execute in their browser context. All organizations running vulnerable versions of Exchange Reporter Plus are affected.

6.3 MEDIUM

Cross-Site Scripting

📋 TL;DR

This stored cross-site scripting vulnerability in ManageEngine Exchange Reporter Plus allows attackers to inject malicious scripts into the Instant Search feature. When users view compromised search results, the scripts execute in their browser context. All organizations running vulnerable versions of Exchange Reporter Plus are affected.

💻 Affected Systems

Products:

Zohocorp ManageEngine Exchange Reporter Plus

Versions: All versions through 5721

Operating Systems: Windows, Linux

Default Config Vulnerable: ⚠️ Yes

Notes: The Instant Search feature must be enabled and accessible to users for exploitation.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could steal administrator session cookies, perform actions as authenticated users, redirect users to malicious sites, or deploy ransomware through the application interface.

🟠

Likely Case

Attackers would typically steal session cookies to hijack authenticated sessions, potentially gaining access to sensitive Exchange reporting data and administrative functions.

🟢

If Mitigated

With proper input validation and output encoding, the risk is limited to minor UI disruption without significant security impact.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires attacker to have access to create/modify search queries, typically through authenticated access or social engineering.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 5722 or later

Vendor Advisory: https://www.manageengine.com/products/exchange-reports/advisory/CVE-2025-5343.html

Restart Required: No

Instructions:

1. Download the latest version from ManageEngine website. 2. Backup current installation. 3. Run the installer to upgrade. 4. Verify the version is 5722 or higher.

🔧 Temporary Workarounds

Disable Instant Search

all

Temporarily disable the vulnerable Instant Search feature to prevent exploitation

Implement WAF Rules

all

Configure web application firewall to block XSS payloads in search parameters

🧯 If You Can't Patch

Restrict access to Exchange Reporter Plus to trusted users only
Implement Content Security Policy headers to mitigate script execution

🔍 How to Verify

Check if Vulnerable:

Check the application version in the web interface or installation directory. Versions 5721 and below are vulnerable.

Check Version:

Check Help > About in the web interface or examine the build.properties file in the installation directory

Verify Fix Applied:

Confirm the application version is 5722 or higher and test Instant Search with basic XSS payloads like <script>alert('test')</script>

📡 Detection & Monitoring

Log Indicators:

Unusual search queries containing script tags or JavaScript code
Multiple failed XSS attempts in web server logs

Network Indicators:

HTTP requests with script tags in search parameters
Unusual outbound connections from user browsers after accessing search results

SIEM Query:

source="*exchange-reporter-plus*" AND ("<script" OR "javascript:" OR "onerror=" OR "onload=")

📊 Metadata

CVE ID: CVE-2025-5343

CVSS v3 Score: 6.3 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N

CWE: CWE-79

EPSS Score: 0.04% exploit probability (12.6th percentile)

Published: October 30, 2025

Last Updated: November 7, 2025

🔗 References

https://www.manageengine.com/products/exchange-reports/advisory/CVE-2025-5343.html Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Manageengine Exchange Reporter Plus by Zohocorp

Manageengine Exchange Reporter Plus by Zohocorp

Manageengine Exchange Reporter Plus by Zohocorp

Manageengine Exchange Reporter Plus by Zohocorp

Manageengine Exchange Reporter Plus by Zohocorp

Manageengine Exchange Reporter Plus by Zohocorp

Manageengine Exchange Reporter Plus by Zohocorp

Manageengine Exchange Reporter Plus by Zohocorp

Manageengine Exchange Reporter Plus by Zohocorp

Manageengine Exchange Reporter Plus by Zohocorp

Manageengine Exchange Reporter Plus by Zohocorp

Manageengine Exchange Reporter Plus by Zohocorp

Manageengine Exchange Reporter Plus by Zohocorp

Manageengine Exchange Reporter Plus by Zohocorp

Manageengine Exchange Reporter Plus by Zohocorp

Manageengine Exchange Reporter Plus by Zohocorp

Manageengine Exchange Reporter Plus by Zohocorp

Manageengine Exchange Reporter Plus by Zohocorp

Manageengine Exchange Reporter Plus by Zohocorp

Manageengine Exchange Reporter Plus by Zohocorp

Manageengine Exchange Reporter Plus by Zohocorp

Manageengine Exchange Reporter Plus by Zohocorp

Manageengine Exchange Reporter Plus by Zohocorp

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Disable Instant Search

Implement WAF Rules

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities