CVE-2025-3835 PUBLISHED

Remote Code Execution

Assigner: Zohocorp
Reserved: 21.04.2025 Published: 09.06.2025 Updated: 14.06.2025

Zohocorp ManageEngine Exchange Reporter Plus versions 5721 and prior are vulnerable to Remote code execution in the Content Search module.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CVSS Score: 9.6

Product Status

Vendor ManageEngine
Product Exchange Reporter Plus
Versions Default: unaffected
  • affected from 0 to 5722 (excl.)

Credits

  • Ngockhanhc311 from FPT NightWolf reporter

References

Problem Types

  • CWE-434 Unrestricted Upload of File with Dangerous Type CWE