CVE-2025-7429

7.3 HIGH

📋 TL;DR

ManageEngine Exchange Reporter Plus builds 5723 and below contain a stored cross-site scripting (XSS) vulnerability in the 'Mails Deleted or Moved' report. Script injected into the data that this report renders is stored and then executes in the browser of any user who views the report, with that user's session and privileges in the application, so the attacker can hijack the session or perform actions as that user. Every organization running a vulnerable build of this Exchange reporting software is affected.

💻 Affected Systems

Products:
  • Zohocorp ManageEngine Exchange Reporter Plus
Versions: 5723 and below
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All installations with the vulnerable version are affected regardless of configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker's script runs in an administrator's browser: it can capture the administrator's session, harvest credentials entered on the page, redirect the user to an attacker-controlled site, or perform any action the administrator is authorized to perform inside the application.

🟠 Likely Case

An attacker who can get content into the 'Mails Deleted or Moved' report data plants a script that executes when other users view the report, stealing session cookies or performing limited unauthorized actions on their behalf.

🟢 If Mitigated

With server-side validation of what is stored and, more importantly, context-correct output encoding when the report is rendered, the injected payload is displayed as inert text instead of being interpreted as HTML or script, so there is nothing for the browser to execute.
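The difference between the vulnerable rendering pattern and the mitigated one, shown as an added example that is not ManageEngine's code and does not reflect how Exchange Reporter Plus builds its reports. The report row, its field names, and the payloads are constructed for illustration. The hardened version does two things the paragraph above names: it HTML-encodes every field for the context it lands in (text node and attribute value), and it treats link targets separately, because encoding alone does not neutralize a `javascript:` URL placed in an `href`.

```python
import html
from urllib.parse import urlsplit

# Constructed sample row in the shape of a "mail deleted or moved" record.
# The values are test payloads, not real report output.
SAMPLE_ROW = {
    "subject": '<img src=x onerror="alert(document.cookie)">',
    "folder": 'Inbox" onmouseover="alert(1)',
    "link": "java\tscript:alert(1)",   # tab inside the scheme defeats naive keyword checks
}


def render_row_unsafe(row):
    """Vulnerable pattern: untrusted fields concatenated straight into HTML."""
    return (
        '<tr><td>' + row["subject"] + '</td>'
        '<td title="' + row["folder"] + '">' + row["folder"] + '</td>'
        '<td><a href="' + row["link"] + '">open</a></td></tr>'
    )


def safe_url(url):
    """Allow only http(s) or same-origin relative links; everything else becomes '#'.

    Control characters are stripped first because browsers ignore them inside a
    scheme, so "java\\tscript:" is still executed as javascript: by the browser.
    """
    cleaned = "".join(ch for ch in url.strip() if ord(ch) >= 0x20)
    scheme = urlsplit(cleaned).scheme.lower()
    if scheme in ("http", "https"):
        return cleaned
    if scheme == "" and cleaned.startswith("/") and not cleaned.startswith("//"):
        return cleaned  # relative path; "//host" would be protocol-relative, so it is excluded
    return "#"


def render_row_safe(row):
    """Hardened pattern: encode for the HTML context, allowlist the URL scheme."""
    def esc(value):
        # quote=True also encodes " and ', which is what keeps the attribute contexts safe.
        return html.escape(value, quote=True)

    return (
        '<tr><td>' + esc(row["subject"]) + '</td>'
        '<td title="' + esc(row["folder"]) + '">' + esc(row["folder"]) + '</td>'
        '<td><a href="' + esc(safe_url(row["link"])) + '">open</a></td></tr>'
    )


if __name__ == "__main__":
    print("unsafe:", render_row_unsafe(SAMPLE_ROW))
    print("safe:  ", render_row_safe(SAMPLE_ROW))
```

Encoding is applied at render time, not at storage time: validating input on the way in is a useful second layer, but the report reads data that may have been written by other components, so the output path has to be safe on its own.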

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires the attacker to get a script payload into the data that the 'Mails Deleted or Moved' report renders, which typically requires some level of access to the application or to the data it reports on; the payload then fires when a privileged user opens the report, so the attacker also depends on a victim viewing it.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5724 or later

Vendor Advisory: https://www.manageengine.com/products/exchange-reports/advisory/CVE-2025-7429.html

Restart Required: Yes

Instructions:

1. Download the latest version from the ManageEngine website.
2. Back up the current installation.
3. Run the installer to upgrade.
4. Restart the Exchange Reporter Plus service.

🔧 Temporary Workarounds

Input Validation Filter (applies to: all platforms)

Apply server-side validation to the inputs that feed report fields. Note that the report code itself is the vendor's and cannot be changed by the customer, so this is limited to filtering what reaches the application (for example at a reverse proxy) and does not replace the fix.

Content Security Policy (applies to: all platforms)

Serve a strict Content-Security-Policy header, for instance from a reverse proxy in front of the application, to restrict where script can be loaded from and block inline script execution. Test the policy against the application first: a policy that forbids inline script will also break any legitimate inline script the product's pages rely on.

🧯 If You Can't Patch

  • Restrict access to the Exchange Reporter Plus interface to trusted users and networks only, so fewer parties can plant or view injected content
  • Deploy web application firewall rules to detect and block XSS payloads in requests to the report endpoints, keeping in mind that encoded or obfuscated payloads can evade simple keyword rules

🔍 How to Verify

Check if Vulnerable:

Check the build number in the Exchange Reporter Plus web interface under Help > About; builds 5723 and below are vulnerable.

Check Version:

Not applicable from the command line; check via the web interface as above.

Verify Fix Applied:

Confirm the build number is 5724 or higher, then open the 'Mails Deleted or Moved' report with a harmless test payload in the data (for example a subject containing `<b>test</b>`) and confirm it is displayed as literal text rather than rendered as HTML.

📡 Detection & Monitoring

Log Indicators:

  • Script tags, event-handler attributes, or JavaScript URLs appearing in stored report data fields such as subjects and folder names
  • Repeated requests to the report endpoints carrying such content, which suggests an attacker probing for a working payload

Network Indicators:

  • Suspicious script injection patterns in HTTP requests to report endpoints

SIEM Query:

source="exchange-reporter-plus" AND (http_uri="/reports/" OR http_uri="/api/reports/") AND (http_body CONTAINS "<script>" OR http_body CONTAINS "javascript:")
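The SIEM query above matches the literal strings `<script>` and `javascript:`, which misses payloads that arrive percent-encoded or that use other vectors such as `<img onerror=...>`. The following added example (not part of the original page or the vendor's tooling) shows the same detection idea applied to constructed, hypothetical request-log lines: it restricts to the report endpoints named in the query, URL-decodes the request body before matching, and looks for a broader set of injection patterns. The log line format and paths are assumptions for illustration.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample lines in a hypothetical "METHOD PATH body=..." format.
# These are not real Exchange Reporter Plus logs.
SAMPLE_LOG = """\
POST /reports/mailsDeleted body=folder=Inbox&subject=Quarterly+numbers
POST /api/reports/search body=subject=%3Cscript%3Ealert%281%29%3C%2Fscript%3E
POST /api/reports/search body=subject=%3Cimg+src%3Dx+onerror%3Dalert%281%29%3E
GET /login body=
POST /reports/mailsMoved body=folder=javascript%3Aalert%281%29
"""

# Endpoints taken from the SIEM query above (assumed paths).
REPORT_PATHS = ("/reports/", "/api/reports/")

# Broader than the literal "<script>" check: script/img/svg/iframe tags,
# on* event-handler attributes, and javascript: URLs.
XSS_PATTERNS = re.compile(
    r"<\s*script|<\s*(img|svg|iframe)\b|\bon[a-z]+\s*=|javascript\s*:",
    re.IGNORECASE,
)

LINE_RE = re.compile(r"^(?P<method>[A-Z]+) (?P<path>\S+) body=(?P<body>.*)$")


def decode_repeated(value, rounds=3):
    """Undo URL encoding until stable, so double-encoded payloads are seen too."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def flag_xss_attempts(log_text):
    """Return one record per request to a report endpoint whose decoded body looks like XSS."""
    hits = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue
        path = match["path"]
        if not path.startswith(REPORT_PATHS):
            continue
        body = decode_repeated(match["body"])
        found = XSS_PATTERNS.search(body)
        if found:
            hits.append({"path": path, "match": found.group(0), "decoded_body": body})
    return hits


if __name__ == "__main__":
    for hit in flag_xss_attempts(SAMPLE_LOG):
        print(hit["path"], "->", hit["match"], "|", hit["decoded_body"])
```

Decoding before matching is the important part: a SIEM rule that inspects the raw body will never see `<script>` in `%3Cscript%3E`. The pattern list will still produce occasional false positives on legitimate subjects (an email discussing JavaScript, for example), so treat hits as leads to review against the stored report data rather than as confirmed exploitation.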

🔗 References
