PT-2025-24419 · Zohocorp · Zoho Manageengine Exchange Reporter Plus
Ngockhanhc311 · Published 2025-05-29 · Updated 2025-06-10 · CVE-2025-3835
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Zohocorp ManageEngine Exchange Reporter Plus versions 5721 and prior
Description
A remote code execution vulnerability exists in the Content Search module. It is classified as CWE-434 (Unrestricted Upload of File with Dangerous Type) and allows attackers to execute malicious code on the affected system.
Recommendations
For versions 5721 and prior, update to a version later than 5721 to resolve the issue. As a temporary workaround, consider disabling the Content Search module until a patch is available. Restrict access to the Content Search module to minimize the risk of exploitation.
Fix
RCE
Unrestricted File Upload
Affected Products
Zoho Manageengine Exchange Reporter Plus