CVE-2025-7632
📋 TL;DR
Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below contain a stored cross-site scripting (XSS) vulnerability in the Public Folders report feature. This allows attackers to inject malicious scripts that execute when users view the affected reports. Organizations using vulnerable versions of this software are at risk.
💻 Affected Systems
- Zohocorp ManageEngine Exchange Reporter Plus
📦 What is this software?
Manageengine Exchange Reporter Plus by Zohocorp
View all CVEs affecting Manageengine Exchange Reporter Plus →
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal administrator credentials, hijack user sessions, redirect users to malicious sites, or perform actions on behalf of authenticated users, potentially leading to full system compromise.
Likely Case
Attackers with access to the application could inject malicious scripts that steal session cookies or credentials from other users viewing the Public Folders reports.
If Mitigated
With proper input validation and output encoding, malicious scripts would be rendered harmless as text rather than executable code.
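The contrast between the vulnerable and the mitigated rendering pattern, as an added illustration in Python (not code from the advisory or from ManageEngine). The row template and the sample folder names are constructed assumptions; the point is that the same stored value is rendered as executable markup by the first function and as inert text by the second.

```python
import html

# Constructed sample values standing in for stored public-folder names.
# The second one is a classic stored-XSS probe; none of this is real product data.
SAMPLE_FOLDER_NAMES = [
    "Sales Shared Folder",
    '<img src=x onerror="alert(1)">',
    'Q3 "Forecast" & Planning',
]

ROW_PREFIX, ROW_SUFFIX = "<tr><td>", "</td></tr>"


def render_row_unsafe(folder_name: str) -> str:
    """Vulnerable pattern: user-controlled text concatenated straight into HTML.

    Whatever was stored is handed to the browser as markup, so a tag or an
    event-handler attribute inside the name becomes live script.
    """
    return f"{ROW_PREFIX}{folder_name}{ROW_SUFFIX}"


def render_row_safe(folder_name: str) -> str:
    """Mitigated pattern: HTML-entity-encode at output time.

    html.escape(quote=True) rewrites & < > " and ' so the browser displays the
    name literally instead of parsing it; the stored value is left unchanged.
    """
    return f"{ROW_PREFIX}{html.escape(folder_name, quote=True)}{ROW_SUFFIX}"


def cell_contains_raw_markup(rendered_row: str) -> bool:
    """Helper for checking a rendered row: does the cell still carry an unescaped tag?"""
    cell = rendered_row[len(ROW_PREFIX):-len(ROW_SUFFIX)]
    return "<" in cell or ">" in cell


def render_report(folder_names, safe: bool = True) -> str:
    """Build a whole report table with either rendering function."""
    render = render_row_safe if safe else render_row_unsafe
    return "<table>" + "".join(render(name) for name in folder_names) + "</table>"


if __name__ == "__main__":
    for name in SAMPLE_FOLDER_NAMES:
        print("unsafe:", render_row_unsafe(name))
        print("safe:  ", render_row_safe(name))
```

Encoding belongs at the point where the value is written into HTML, not at storage time: a name that is escaped on the way in will be double-escaped or silently altered when it is later exported or shown in a non-HTML context, and any code path that forgets to un-escape or re-escape reopens the hole.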
🎯 Exploit Status
Exploitation requires the attacker to have access to inject malicious content into the Public Folders report, which typically requires some level of access to the application.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 5724 or later
Vendor Advisory: https://www.manageengine.com/products/exchange-reports/advisory/CVE-2025-7632.html
Restart Required: Yes
Instructions:
1. Download the latest version (5724+) from the ManageEngine website
2. Backup your current installation and configuration
3. Run the installer to upgrade to the patched version
4. Restart the Exchange Reporter Plus service
🔧 Temporary Workarounds
Disable Public Folders Report
Temporarily disable the vulnerable Public Folders report feature until patching can be completed
Implement Web Application Firewall
Deploy a WAF with XSS protection rules to block malicious script injection attempts
🧯 If You Can't Patch
- Implement strict input validation and output encoding for all user-supplied content in the Public Folders report
- Restrict access to the Exchange Reporter Plus interface to trusted users only using network segmentation and access controls
🔍 How to Verify
Check if Vulnerable:
Check the installed version of ManageEngine Exchange Reporter Plus. If the version is 5723 or below, the system is vulnerable.
Check Version:
Check the version in the web interface under Help > About, or examine the installation directory for version information
Verify Fix Applied:
Verify the installed version is 5724 or higher and test the Public Folders report functionality with safe test payloads.
📡 Detection & Monitoring
Log Indicators:
- Unusual script tags or JavaScript code in Public Folders report entries
- Multiple failed attempts to access or modify report content
- Unexpected changes to report configurations
Network Indicators:
- HTTP requests containing suspicious script payloads to the Public Folders report endpoints
- Outbound connections to unexpected domains from the Exchange Reporter Plus server
SIEM Query:
source="ExchangeReporterPlus" AND (uri="*PublicFolders*" OR uri="*report*" OR uri="*folder*") AND (content="<script>" OR content="javascript:" OR content="onload=" OR content="onerror=")
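The SIEM query above, reimplemented in Python as an added example (not part of the advisory or of any vendor tooling) so its matching can be checked offline against constructed request events. It goes slightly beyond the literal query in two ways: it compares case-insensitively and it URL-decodes the request body before looking for the payload markers, which catches an encoded submission the exact-string query would miss. The event record layout, the sample URIs and the sample bodies are all assumptions.

```python
from dataclasses import dataclass
from urllib.parse import unquote


@dataclass(frozen=True)
class RequestEvent:
    """One HTTP request as a SIEM might normalise it (assumed field names)."""
    source: str
    method: str
    uri: str
    content: str


# Constructed sample events; this is not real Exchange Reporter Plus telemetry.
SAMPLE_EVENTS = [
    RequestEvent("ExchangeReporterPlus", "GET", "/reports/PublicFolders/list", ""),
    RequestEvent("ExchangeReporterPlus", "POST", "/reports/PublicFolders/save",
                 "name=<script>alert(1)</script>"),
    # Same probe, URL-encoded: the literal SIEM query would not see "onerror=".
    RequestEvent("ExchangeReporterPlus", "POST", "/reports/PublicFolders/save",
                 "name=%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E"),
    # Payload marker present but the URI is outside the report paths.
    RequestEvent("ExchangeReporterPlus", "POST", "/login", "user=javascript:void(0)"),
    # Right path and payload, wrong source: another application's traffic.
    RequestEvent("OtherApp", "POST", "/folder/update", "body=<script>x</script>"),
]

# The three uri="*...*" wildcards and four content="..." literals from the query.
URI_MARKERS = ("publicfolders", "report", "folder")
PAYLOAD_MARKERS = ("<script>", "javascript:", "onload=", "onerror=")


def normalise_body(text: str) -> str:
    """Lower-case and URL-decode twice so single- and double-encoded bodies compare alike."""
    return unquote(unquote(text)).lower()


def matches_query(event: RequestEvent) -> bool:
    """Apply the advisory's SIEM query to one event: source AND uri-marker AND payload-marker."""
    if event.source != "ExchangeReporterPlus":
        return False
    uri = event.uri.lower()
    if not any(marker in uri for marker in URI_MARKERS):
        return False
    body = normalise_body(event.content)
    return any(marker in body for marker in PAYLOAD_MARKERS)


def find_suspicious(events) -> list:
    """Return the events a detection rule built from the query would alert on."""
    return [event for event in events if matches_query(event)]


if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_EVENTS):
        print(f"ALERT {hit.method} {hit.uri}: {normalise_body(hit.content)}")
```

Two limits worth knowing before relying on this rule: `<script>` as an exact substring misses `<script type=...>` and `<svg onload=...>` variants only partly, so teams usually widen the marker list or switch to a regex, and the `*report*`/`*folder*` wildcards will match a lot of legitimate report traffic, so the payload clause is what keeps the alert volume sane.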