
CVE-2025-41437: Reflected XSS

4.3 CVSS

Description

Zohocorp ManageEngine OpManager, NetFlow Analyzer, Network Configuration Manager, Firewall Analyzer and OpUtils versions 128565 and below are vulnerable to Reflected XSS on the login page.

Classification

CVE ID: CVE-2025-41437

CVSS Base Severity: MEDIUM

CVSS Base Score: 4.3

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Problem Types

CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

Affected Products

Vendor: ManageEngine

Product: OpManager

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.03% (probability of being exploited)

EPSS Percentile: 7.32% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-06-25 (date this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-41437
https://www.manageengine.com/itom/advisory/cve-2025-41437.html

Timeline