CVE-2025-5347

6.3 MEDIUM

📋 TL;DR

This stored cross-site scripting vulnerability in Zohocorp ManageEngine Exchange Reporter Plus allows attackers to inject malicious scripts into reports that execute when viewed by other users. It affects all versions before 5723, potentially compromising user sessions and data. Organizations using vulnerable versions of this Exchange monitoring software are at risk.

💻 Affected Systems

Products:
  • Zohocorp ManageEngine Exchange Reporter Plus
Versions: All versions before 5723
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the reports module and requires access to create or modify reports.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal administrator credentials, hijack user sessions, redirect users to malicious sites, or perform actions on behalf of authenticated users, potentially leading to full system compromise.

🟠 Likely Case

Attackers with access to the reports module could inject scripts that steal session cookies or credentials from users viewing reports, leading to unauthorized access to the Exchange Reporter Plus system.

🟢 If Mitigated

With proper input validation and output encoding, malicious scripts would be neutralized before execution, preventing any impact on users.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires authenticated access to the reports module to inject malicious scripts.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5723

Vendor Advisory: https://www.manageengine.com/products/exchange-reports/advisory/CVE-2025-5347.html

Restart Required: No

Instructions:

1. Download Exchange Reporter Plus version 5723 or later from the ManageEngine website.
2. Backup your current installation.
3. Run the installer to upgrade to the patched version.
4. Verify the upgrade completed successfully.

🔧 Temporary Workarounds

Input Validation and Output Encoding (all platforms)

Implement server-side input validation and output encoding for all user-supplied data in the reports module.

Content Security Policy (all platforms)

Implement a strict Content Security Policy header to restrict script execution sources.

🧯 If You Can't Patch

  • Restrict access to the reports module to trusted users only
  • Implement web application firewall rules to detect and block XSS payloads

🔍 How to Verify

Check if Vulnerable:

Check the Exchange Reporter Plus version in the web interface under Help > About or in the installation directory.

Check Version:

Check the version in the web interface or examine the build number in the installation directory.

Verify Fix Applied:

Verify the version is 5723 or later and test report creation/modification with XSS payloads to ensure they are properly sanitized.

📡 Detection & Monitoring

Log Indicators:

  • Unusual report creation/modification patterns
  • Requests containing script tags or JavaScript in report parameters

Network Indicators:

  • HTTP requests with suspicious script content in POST parameters to reports endpoints

SIEM Query:

source="exchange_reporter_plus" AND (http_request="*<script>*" OR http_request="*javascript:*")
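The SIEM query above matches only literal `<script>` and `javascript:` strings; a URL-encoded or double-encoded payload in a report parameter would not match it. The following Python is an added example (not from the advisory or the vendor) that applies the same two checks to constructed log lines after decoding them. The key=value log format and the `/reports/*` paths are assumptions for illustration, not the product's real log layout.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample lines in a simplified key=value log format. Field names
# and the /reports/* paths are assumptions, not Exchange Reporter Plus's own.
SAMPLE_LOG = """\
2025-06-01T09:00:01Z user=alice method=POST path=/reports/create params="name=JavaScript+usage+report&group=Sales" status=200
2025-06-01T09:02:14Z user=mallory method=POST path=/reports/create params="name=%3Cscript%3Ealert(1)%3C%2Fscript%3E" status=200
2025-06-01T09:05:30Z user=mallory method=POST path=/reports/edit params="id=42&title=%253Cscript%253Ealert(1)%253C%2Fscript%253E" status=200
2025-06-01T09:06:00Z user=bob method=GET path=/reports/view params="id=42" status=200
2025-06-01T09:07:11Z user=carol method=POST path=/settings params="homepage=javascript%3Avoid(0)" status=200
"""

LINE_RE = re.compile(
    r'^(?P<ts>\S+) user=(?P<user>\S+) method=(?P<method>\S+) '
    r'path=(?P<path>\S+) params="(?P<params>[^"]*)" status=(?P<status>\d+)$'
)
REPORT_PATH = re.compile(r"^/reports(/|$)")  # scope: the reports module only

# Same checks as the page's SIEM query, applied to decoded parameter values.
SCRIPT_PATTERNS = [
    ("script_tag", re.compile(r"<\s*/?\s*script\b", re.IGNORECASE)),
    ("javascript_uri", re.compile(r"javascript\s*:", re.IGNORECASE)),
]


def decode_fully(value, max_rounds=3):
    """URL-decode until stable: a double-encoded payload hides from one pass."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_suspicious_report_requests(log_text):
    """Return one alert per report-module request whose decoded parameters
    contain script content: who sent it, which path, and which pattern hit."""
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or not REPORT_PATH.match(m["path"]):
            continue
        decoded = decode_fully(m["params"])
        for name, pattern in SCRIPT_PATTERNS:
            if pattern.search(decoded):
                alerts.append({"user": m["user"], "path": m["path"],
                               "pattern": name, "decoded_params": decoded})
                break
    return alerts
```

On the sample, only mallory's two requests are flagged, including the double-encoded one that a literal `*<script>*` match would miss; the benign "JavaScript usage report" title and carol's non-report request are not.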
