CVE-2025-7429 is a stored Cross-Site Scripting (XSS) vulnerability classified under CWE-79, affecting Zohocorp's ManageEngine Exchange Reporter Plus versions 5723 and below. The vulnerability resides in the 'Mails Deleted or Moved' report functionality, where user-supplied input is improperly neutralized during web page generation. This flaw allows an attacker with low privileges to inject malicious JavaScript code that is stored persistently and executed in the context of other users viewing the affected report. The CVSS 3.1 base score of 7.3 indicates a high-severity issue, with an attack vector of network (AV:N), low attack complexity (AC:L), requiring privileges (PR:L), and user interaction (UI:R). The impact on confidentiality and integrity is high (C:H, I:H), while availability is not affected (A:N). Exploitation could lead to session hijacking, credential theft, or unauthorized actions performed on behalf of the victim user. Although no known exploits are currently reported in the wild, the vulnerability's nature and ManageEngine's widespread use in enterprise environments make it a significant risk. The lack of available patches at the time of publication necessitates immediate risk mitigation strategies. The vulnerability was reserved in July 2025 and published in November 2025, indicating recent discovery and disclosure.

For European organizations, this vulnerability poses a significant risk to the confidentiality and integrity of sensitive email reporting data managed by Exchange Reporter Plus. Successful exploitation could allow attackers to execute arbitrary scripts in the browsers of administrative or privileged users, potentially leading to credential theft, session hijacking, or unauthorized data manipulation. This could result in data breaches, compliance violations (e.g., GDPR), and operational disruptions. Given the product's role in monitoring Exchange environments, attackers might leverage this access to gain further footholds or pivot within corporate networks. The absence of availability impact means systems remain operational, but the stealthy nature of XSS attacks can facilitate prolonged undetected compromise. Organizations relying heavily on ManageEngine products for Exchange reporting, especially those with large user bases or complex email infrastructures, face increased exposure. The threat is exacerbated by the requirement for user interaction, which could be triggered via social engineering or phishing campaigns targeting administrators.

1. Apply official patches or updates from Zohocorp as soon as they become available to remediate the vulnerability. 2. Until patches are released, restrict access to the 'Mails Deleted or Moved' report to only trusted and necessary users to minimize exposure. 3. Implement strict input validation and output encoding on all user-supplied data within the application, if customization is possible. 4. Deploy Web Application Firewalls (WAFs) with rules specifically designed to detect and block XSS payloads targeting ManageEngine interfaces. 5. Educate administrators and users on the risks of clicking untrusted links or executing unexpected actions within the reporting tool. 6. Monitor logs and network traffic for unusual activities or signs of exploitation attempts, focusing on the affected report functionality. 7. Consider isolating the Exchange Reporter Plus environment from broader network segments to limit lateral movement in case of compromise. 8. Review and tighten user privilege assignments to enforce the principle of least privilege, reducing the impact of any successful exploit.