CVE-2025-3835 — Unrestricted File Upload in Exchange Reporter Plus

CWE-434 — Unrestricted File Upload3 documents3 sources

Severity

9.6CRITICALNVD

EPSS

3.3%

top 12.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Manageengine Exchange Reporter Plus Zohocorp Manageengine Exchange Reporter Plus

Timeline

PublishedJun 9

Description

Zohocorp ManageEngine Exchange Reporter Plus versions 5721 and prior are vulnerable to Remote code execution in the Content Search module.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:HExploitability: 2.8 | Impact: 6.0

Affected Packages2 packages

▶NVDzohocorp/manageengine_exchange_reporter_plus< 5.7+1

▶CVEListV5manageengine/exchange_reporter_plus< 5722

🔴Vulnerability Details

CVEList

Remote Code Execution↗2025-06-09

▶

GHSA

GHSA-r7f5-84f4-jjx8: Zohocorp ManageEngine Exchange Reporter Plus versions 5721 and prior are vulnerable to Remote code execution in the Content Search module↗2025-06-09

▶