Home

Description

Zohocorp ManageEngine Exchange Reporter Plus versions 5721 and prior are vulnerable to Remote code execution in the Content Search module.

PUBLISHED Reserved 2025-04-21 | Published 2025-06-09 | Updated 2026-02-26 | Assigner Zohocorp




CRITICAL: 9.6CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Problem types

CWE-434 Unrestricted Upload of File with Dangerous Type

Product status

Default status
unaffected

Any version before 5722
affected

Credits

Ngockhanhc311 from FPT NightWolf reporter

References

www.manageengine.com/...-reports/advisory/CVE-2025-3835.html

cve.org (CVE-2025-3835)

nvd.nist.gov (CVE-2025-3835)

Download JSON