CVE-2025-3835 - Vulnerability Details - OpenCVE

Zohocorp ManageEngine Exchange Reporter Plus versions 5721 and prior are vulnerable to Remote code execution in the Content Search module.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00201.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Zohocorp	Manageengine Exchange Reporter Plus

No data.

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Zohocorp	Manageengine Exchange Reporter Plus

References

Link	Providers
https://www.manageengine.com/products/exchange-reports/advisory/CVE-2025-3835.html

History

Fri, 11 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.0016}`	epss `{'score': 0.00174}`

Mon, 09 Jun 2025 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Mon, 09 Jun 2025 10:45:00 +0000

Type	Values Removed	Values Added
Description		Zohocorp ManageEngine Exchange Reporter Plus versions 5721 and prior are vulnerable to Remote code execution in the Content Search module.
Title		Remote Code Execution
Weaknesses		CWE-434
References		https://www.manageengine.com/products/exchange-reports/advisory/CVE-2025-3835.html
Metrics		cvssV3_1 `{'score': 9.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: Zohocorp

Published: 2025-06-09T10:29:18.379Z

Updated: 2025-06-14T03:56:13.798Z

Reserved: 2025-04-21T07:22:57.310Z

Link: CVE-2025-3835

Vulnrichment

Updated: 2025-06-09T17:52:26.662Z

NVD

Status : Awaiting Analysis

Published: 2025-06-09T11:15:21.913

Modified: 2025-06-09T12:15:47.880

Link: CVE-2025-3835

Redhat

No data.

OpenCVE Enrichment

Updated: 2025-07-13T21:48:33Z

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-3835", "assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02", "state": "PUBLISHED", "assignerShortName": "Zohocorp", "dateReserved": "2025-04-21T07:22:57.310Z", "datePublished": "2025-06-09T10:29:18.379Z", "dateUpdated": "2025-06-14T03:56:13.798Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Exchange Reporter Plus", "vendor": "ManageEngine", "versions": [{"lessThan": "5722", "status": "affected", "version": "0", "versionType": "5722"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "Ngockhanhc311 from FPT NightWolf"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Zohocorp ManageEngine Exchange Reporter Plus versions 5721 and prior are vulnerable to Remote code execution in the <span style=\"background-color: rgb(255, 255, 255);\">Content Search module.</span><br>"}], "value": "Zohocorp ManageEngine\u00a0Exchange Reporter Plus versions\u00a05721 and prior are vulnerable to Remote code execution in the\u00a0Content Search module."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "0fc0942c-577d-436f-ae8e-945763c79b02", "shortName": "Zohocorp", "dateUpdated": "2025-06-09T10:29:18.379Z"}, "references": [{"url": "https://www.manageengine.com/products/exchange-reports/advisory/CVE-2025-3835.html"}], "source": {"discovery": "EXTERNAL"}, "title": "Remote Code Execution", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-13T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2025-3835"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-14T03:56:13.798Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-3835", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-06-09T17:48:48.090414Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-09T17:52:26.662Z"}}], "cna": {"title": "Remote Code Execution", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "reporter", "value": "Ngockhanhc311 from FPT NightWolf"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.6, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "ManageEngine", "product": "Exchange Reporter Plus", "versions": [{"status": "affected", "version": "0", "lessThan": "5722", "versionType": "5722"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.manageengine.com/products/exchange-reports/advisory/CVE-2025-3835.html"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Zohocorp ManageEngine\u00a0Exchange Reporter Plus versions\u00a05721 and prior are vulnerable to Remote code execution in the\u00a0Content Search module.", "supportingMedia": [{"type": "text/html", "value": "Zohocorp ManageEngine Exchange Reporter Plus versions 5721 and prior are vulnerable to Remote code execution in the <span style=\"background-color: rgb(255, 255, 255);\">Content Search module.</span><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type"}]}], "providerMetadata": {"orgId": "0fc0942c-577d-436f-ae8e-945763c79b02", "shortName": "Zohocorp", "dateUpdated": "2025-06-09T10:29:18.379Z"}}}, "cveMetadata": {"cveId": "CVE-2025-3835", "state": "PUBLISHED", "dateUpdated": "2025-06-14T03:56:13.798Z", "dateReserved": "2025-04-21T07:22:57.310Z", "assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02", "datePublished": "2025-06-09T10:29:18.379Z", "assignerShortName": "Zohocorp"}, "dataVersion": "5.1"}