CVE-2025-7632: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Zohocorp ManageEngine Exchange Reporter Plus
Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Public Folders report.
AI Analysis
Technical Summary
CVE-2025-7632 is a stored cross-site scripting (XSS) vulnerability in Zohocorp ManageEngine Exchange Reporter Plus, affecting builds 5723 and earlier. It is classified as CWE-79 (improper neutralization of input during web page generation) and sits in the Public Folders report: a value that the report renders is written into the page without output encoding, so an authenticated user with enough privilege to get markup into that value can store script that runs in the browser of every other user who later opens the report. The CVSS 3.1 base score is 7.3 (High) with vector AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N: the attack is carried out over the network with low complexity, needs only low privileges (an ordinary authenticated account, PR:L), and needs the victim to view the report (UI:R); scope is unchanged. Confidentiality and integrity impact are rated high because the injected script runs with the victim's session: it can read whatever the victim can see in the application and issue requests as the victim, including as an administrator if an administrator views the report. Session cookies can be exfiltrated directly only if they lack the HttpOnly flag, but that flag does not stop the script from acting through the live session. Availability is not affected. No public exploit has been reported, but stored XSS of this kind is straightforward to exploit once the injection point is known. The CVE was reserved in July 2025 and published in November 2025. No official patch is linked from this entry, so operators should check the vendor's advisory for the fixed build rather than rely on this page. Exchange Reporter Plus is widely deployed in medium and large organizations to report on Microsoft Exchange, which makes its report pages a natural place for administrators to land.
Potential Impact
For European organizations, the impact of CVE-2025-7632 can be substantial. ManageEngine Exchange Reporter Plus is commonly used in enterprises to monitor and report on Exchange server health and usage, and its reports are typically viewed by messaging and infrastructure administrators. Exploitation of this stored XSS flaw lets an attacker run arbitrary script in the session of whoever opens the Public Folders report, which can lead to credential theft, session hijacking, or unauthorized actions inside the reporting tool performed with the viewer's privileges. That in turn can expose email metadata, user and mailbox information, and details of the connected Exchange servers. Because the product is integrated with the Exchange environment, an attacker who gains administrative control of the tool has a foothold for further compromise and lateral movement. The requirement for an authenticated account limits exposure but does not eliminate it, especially where many users hold accounts or access controls are weak. The flaw also undermines trust in the integrity of the reporting data itself. Organizations subject to GDPR may face compliance consequences if personal data in the reports is exposed or manipulated through this vulnerability.
Mitigation Recommendations
1. Monitor Zohocorp's advisories and upgrade Exchange Reporter Plus to the fixed build as soon as it is available. Any build numbered 5723 or lower is affected, so record the installed build of each instance before and after the upgrade.
2. Until patched, restrict the Public Folders report to the users who need it, and review it from a low-privilege account rather than an administrator account, since the injected script runs with the viewer's privileges.
3. Output encoding of the values the report renders is the vendor's fix and cannot be applied by operators to the product's own templates. What operators can do is treat the data the report displays (public folder names and related attributes) as untrusted: inspect those stored values for HTML markup (angle brackets, quotes, on*= handlers) and remove or rename any entry that carries it.
4. Place the web interface behind a web application firewall with XSS rules. Expect partial coverage only: the payload is stored, so it may have entered through an authenticated request, or through the Exchange data the report reads, rather than through a request the WAF inspects.
5. Include ManageEngine products in regular web application security testing, with attention to report pages that render data imported from other systems.
6. Exploitation only requires a victim to open the report (UI:R), so user awareness is a weak control here; rely on access restriction (item 2) rather than on users recognizing a malicious report.
7. Review authentication and authorization in the product and on the host so that a compromised reporting session cannot be turned into lateral movement: separate accounts for administration and reporting, no credentials shared with Exchange or Active Directory administration, and multi-factor authentication on the web interface where the product supports it.
8. Monitor access logs for the Public Folders report being opened by unexpected accounts or at unexpected times, and alert on markup appearing in stored report values. Application logs will not record script execution in a browser, so the useful signals are on the write side (who changed the data) and the read side (who viewed the report).
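The CWE-79 pattern behind this advisory, and the output encoding that item 3 describes as the vendor-side fix, are shown in the following added example. It is not ManageEngine code and says nothing about how Exchange Reporter Plus actually builds its report; the row schema (name, path, itemCount), the helper names and the sample data are constructed for the illustration. It renders the same constructed public-folder list with a vulnerable renderer and a hardened one, with one payload aimed at the element context and one at an attribute context.

```javascript
// Added illustration of the CWE-79 pattern behind a stored XSS in a report
// page. Not ManageEngine code: the row schema, the helper names and the data
// below are constructed for the example.

// Constructed sample: two ordinary public folders and two whose stored
// attributes carry payloads, one for the element context (folder name) and
// one for a double-quoted attribute context (folder path used in a title).
const sampleFolders = [
  { name: "Sales", path: "\\Sales", itemCount: 120 },
  { name: "HR Policies", path: "\\HR\\Policies", itemCount: 34 },
  { name: '<img src=x onerror="alert(document.cookie)">', path: "\\Evil", itemCount: 1 },
  { name: "Finance", path: '\\Finance\\" onmouseover="alert(1)', itemCount: 9 },
];

// Vulnerable renderer: stored values are concatenated straight into markup,
// so whatever was stored becomes part of the page's DOM.
function renderRowVulnerable(f) {
  return `<tr><td>${f.name}</td><td title="${f.path}">${f.path}</td><td>${f.itemCount}</td></tr>`;
}

// Hardened renderer: every untrusted value is encoded for the context it
// lands in. This five-character table covers HTML text and double-quoted
// attribute values; the numeric column is coerced to a number, not encoded.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}
function renderRowSafe(f) {
  const count = Number.isFinite(Number(f.itemCount)) ? Number(f.itemCount) : 0;
  return `<tr><td>${escapeHtml(f.name)}</td><td title="${escapeHtml(f.path)}">${escapeHtml(f.path)}</td><td>${count}</td></tr>`;
}

function renderReport(folders, renderRow) {
  return `<table><thead><tr><th>Folder</th><th>Path</th><th>Items</th></tr></thead><tbody>` +
    folders.map(renderRow).join("") + `</tbody></table>`;
}

// Lists the element names a browser would create from the markup, sorted.
// An "img" or "script" that the template never wrote is the injection;
// the hardened output only ever contains the template's own elements.
function tagNames(html) {
  const names = new Set();
  for (const m of html.matchAll(/<([a-z][a-z0-9-]*)/gi)) names.add(m[1].toLowerCase());
  return [...names].sort();
}

const vulnerable = renderReport(sampleFolders, renderRowVulnerable);
const hardened = renderReport(sampleFolders, renderRowSafe);
console.log("vulnerable tags:", tagNames(vulnerable).join(", "));
console.log("hardened tags:  ", tagNames(hardened).join(", "));
console.log("attribute break-out in vulnerable output:", vulnerable.includes('onmouseover="alert(1)"'));
console.log("attribute break-out in hardened output:  ", hardened.includes('onmouseover="'));
```

Run with `node report-xss.js`. The vulnerable output gains an `img` element and a live `onmouseover` handler that the template never wrote; the hardened output contains only the template's own elements, with the payloads visible as literal text. The same rule applies on the client side: when a report is assembled in the browser, untrusted values go into `textContent` or `setAttribute`, never into `innerHTML`.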
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain
Technical Details
Data Version: 5.2
Assigner Short Name: Zohocorp
Date Reserved: 2025-07-14T09:48:52.739Z
CVSS Version: 3.1
State: PUBLISHED
Threat ID: 691313db4e59013eb31f4ed5
Added to database: 11/11/2025, 10:45:47 AM
Last enriched: 1/7/2026, 7:37:32 PM
Last updated: 2/7/2026, 2:44:30 AM
Related Threats
CVE-2026-2071: Buffer Overflow in UTT 进取 520W (High)
CVE-2026-25762: CWE-400: Uncontrolled Resource Consumption in adonisjs core (High)
CVE-2026-25754: CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in adonisjs core (High)
CVE-2026-25644: CWE-295: Improper Certificate Validation in datahub-project datahub (High)
CVE-2026-25804: CWE-287: Improper Authentication in antrea-io antrea (High)