CVE-2025-7430

7.3 HIGH

📋 TL;DR

This stored cross-site scripting (XSS) vulnerability in ManageEngine Exchange Reporter Plus allows attackers to inject malicious scripts into the Folder Message Count and Size report. When users view the compromised report, the script executes in their browser context, potentially stealing session cookies or performing unauthorized actions. Organizations using Exchange Reporter Plus versions 5723 and below are affected.

💻 Affected Systems

Products:
  • ManageEngine Exchange Reporter Plus
Versions: 5723 and below
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All installations with the vulnerable version are affected regardless of configuration.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could steal administrator session cookies, gain full administrative access to Exchange Reporter Plus, pivot to other systems, and potentially compromise the entire Exchange environment.

🟠

Likely Case

Attackers steal user session cookies to gain unauthorized access to Exchange Reporter Plus, modify reports, or access sensitive Exchange data.

🟢

If Mitigated

With proper input validation and output encoding, malicious scripts are neutralized before execution, preventing any impact.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires the attacker to have access to create or modify reports, but once stored, the XSS executes automatically when users view the report.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5724

Vendor Advisory: https://www.manageengine.com/products/exchange-reports/advisory/CVE-2025-7430.html

Restart Required: Yes

Instructions:

1. Download Exchange Reporter Plus build 5724 or later from the ManageEngine website.
2. Stop the Exchange Reporter Plus service.
3. Run the installer/upgrade package.
4. Restart the service.

🔧 Temporary Workarounds

Input Validation Filter (all)

Implement custom input validation to sanitize all user input in report fields.

Content Security Policy (all)

Implement strict CSP headers to prevent script execution from untrusted sources.
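The "If Mitigated" outcome above (scripts neutralised by input validation and output encoding) and the two workarounds are illustrated below with an added Python example. This is not ManageEngine code and does not reflect how Exchange Reporter Plus renders reports; the report-row layout, the field names, the folder-name rule and the CSP value are all assumptions chosen to show the vulnerable pattern next to the hardened one.

```python
"""Added example (hypothetical, not the vendor's code): a stored XSS in a
report field next to its fix via output encoding, an input-validation
defence-in-depth check, and a strict CSP header."""
import html
import re

# Constructed sample rows for a "Folder Message Count and Size" style report.
# The second folder name carries a script payload as it would sit in storage.
SAMPLE_ROWS = [
    {"folder": "Inbox", "count": 42, "size_kb": 1024},
    {"folder": "<script>alert(document.cookie)</script>", "count": 1, "size_kb": 8},
]


def render_row_unsafe(row):
    """Vulnerable pattern: untrusted data interpolated straight into HTML."""
    return f"<tr><td>{row['folder']}</td><td>{row['count']}</td><td>{row['size_kb']}</td></tr>"


def render_row_safe(row):
    """Hardened pattern: HTML-encode every untrusted value at output time.
    quote=True also escapes quotes, which matters in attribute contexts."""
    return (
        f"<tr><td>{html.escape(str(row['folder']), quote=True)}</td>"
        f"<td>{int(row['count'])}</td><td>{int(row['size_kb'])}</td></tr>"
    )


# Defence-in-depth input rule (assumed): reject angle brackets, quotes and
# control characters in folder names. Output encoding remains the primary fix.
_FOLDER_NAME = re.compile(r"[^<>\"'\x00-\x1f]{1,255}")


def folder_name_is_valid(name):
    """True when the name satisfies the allowlist rule above."""
    return _FOLDER_NAME.fullmatch(name) is not None


def csp_header():
    """A strict Content-Security-Policy that blocks inline and third-party script."""
    return (
        "default-src 'self'; script-src 'self'; object-src 'none'; "
        "base-uri 'self'; frame-ancestors 'none'"
    )


def render_report(rows, safe=True):
    """Assemble the report table, using the safe renderer by default."""
    render = render_row_safe if safe else render_row_unsafe
    return "<table>" + "".join(render(r) for r in rows) + "</table>"


if __name__ == "__main__":
    print("unsafe:", render_report(SAMPLE_ROWS, safe=False))
    print("safe:  ", render_report(SAMPLE_ROWS))
    print("Content-Security-Policy:", csp_header())
```

The safe renderer leaves the stored payload in place but encodes it, so the browser displays the text instead of executing it; the validation rule only narrows what reaches storage and should not be relied on alone, because report fields legitimately contain many characters. The CSP header is a browser-side backstop: with no `'unsafe-inline'` in `script-src`, an injected inline script is refused even if encoding is missed somewhere.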

🧯 If You Can't Patch

  • Restrict report creation/modification permissions to trusted administrators only
  • Implement web application firewall (WAF) rules to detect and block XSS payloads

🔍 How to Verify

Check if Vulnerable:

Check Exchange Reporter Plus version in web interface under Help > About or via system information page

Check Version:

Not applicable - check via web interface

Verify Fix Applied:

Verify version is 5724 or higher and test report creation with XSS payloads to ensure they are properly sanitized

📡 Detection & Monitoring

Log Indicators:

  • Unusual report creation/modification patterns
  • Multiple failed XSS attempts in web server logs

Network Indicators:

  • HTTP requests containing script tags or JavaScript in report parameters

SIEM Query:

web_server_logs WHERE (url CONTAINS 'report' AND (params CONTAINS '<script>' OR params CONTAINS 'javascript:'))
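The SIEM query above, run over web-server access logs, as an added Python example that is not part of the original advisory. The log lines are constructed in combined log format for illustration and are not real Exchange Reporter Plus logs; the URL paths are assumptions. The example goes slightly beyond the query by URL-decoding the parameters (repeatedly, to catch double encoding) before matching, since the raw log stores the request as the client encoded it.

```python
"""Added example: apply the advisory's SIEM logic to access-log lines.
Flags requests whose path mentions 'report' and whose decoded query string
contains '<script' or 'javascript:'."""
import re
from urllib.parse import unquote

# Constructed sample access-log lines (combined log format), not real data.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Aug/2025:10:01:02 +0000] "GET /reports/folderMessageCount?folder=Inbox HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.9 - - [12/Aug/2025:10:01:07 +0000] "POST /reports/save?name=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 302 0 "-" "Mozilla/5.0"
10.0.0.9 - - [12/Aug/2025:10:01:09 +0000] "GET /reports/view?link=javascript:alert(document.cookie) HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
10.0.0.9 - - [12/Aug/2025:10:01:11 +0000] "GET /help/about?q=%253Cscript%253E HTTP/1.1" 200 100 "-" "Mozilla/5.0"
10.0.0.7 - - [12/Aug/2025:10:01:15 +0000] "GET /reports/save?name=%253Cscript%253Ealert(2) HTTP/1.1" 200 100 "-" "Mozilla/5.0"
"""

# Parse the fields of a combined-format line that the query needs.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3})'
)
# The advisory's two indicators, matched case-insensitively.
PAYLOAD_RE = re.compile(r"<script|javascript:", re.IGNORECASE)


def fully_decode(value, max_rounds=3):
    """Percent-decode until stable so double-encoded input is still seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_suspicious(url):
    """Mirror the SIEM query: report URL AND script/javascript in the params."""
    path, _, query = url.partition("?")
    if "report" not in path.lower():
        return False
    return PAYLOAD_RE.search(fully_decode(query)) is not None


def scan_log(text):
    """Return one record per flagged request, in log order."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m and is_suspicious(m["url"]):
            hits.append({"ip": m["ip"], "ts": m["ts"], "method": m["method"], "url": m["url"]})
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['ip']} {hit['method']} {hit['url']}")
```

Of the five constructed lines, three are flagged: the plainly encoded and the double-encoded `report` requests from 10.0.0.9 and 10.0.0.7, and the `javascript:` parameter. The fourth line carries a payload but is outside a report URL, so, like the SIEM query, the scan ignores it. Keyword matching of this kind is a triage signal rather than proof of exploitation, and POST bodies are not recorded in standard access logs, so pair it with the report-modification audit trail and treat the build 5724 upgrade as the actual fix.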
