CVE-2025-41437
Description
Zohocorp ManageEngine OpManager, NetFlow Analyzer, Network Configuration Manager, Firewall Analyzer and OpUtils versions 128565 and below are vulnerable to Reflected XSS on the login page.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
ManageEngine OpManager and related products prior to build 128566 contain a reflected XSS flaw on the login page allowing JavaScript injection.
Vulnerability
Overview
CVE-2025-41437 is a reflected cross-site scripting (XSS) vulnerability affecting the login page of multiple ManageEngine products, including OpManager, NetFlow Analyzer, Network Configuration Manager, Firewall Analyzer, and OpUtils [1]. The issue exists in builds 128565 and below. The root cause is insufficient output encoding of user-supplied input that is reflected into the login page, allowing an attacker to inject arbitrary HTML and JavaScript [1].
Exploitation
An attacker can craft a link to the login page that carries the payload; when a user (authenticated or not) follows it, the injected script executes in the victim's browser, within the application's origin. Because the injection point is on the login page, no privileges are required to reach it; the only precondition is user interaction, such as clicking the crafted URL [1]. The attack vector is network-based, and exploiting the reflected XSS itself does not require authentication.
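The pattern described above, as an added example that is not ManageEngine's code and does not reproduce the actual injection point: a minimal login-page renderer that reflects a query parameter unencoded, the same page with HTML encoding applied, a helper that builds the crafted URL, and a probe that reports whether a marker payload survives unescaped in the response. The parameter name `msg`, the page markup, and the host in the demo URL are assumptions for illustration.

```javascript
// Added example (not ManageEngine code). The "msg" parameter, the markup and
// the demo host are assumptions; the real injection point is not reproduced.

// Encode the five characters that matter in HTML element content and in
// double- or single-quoted attribute values.
const escapeHtml = (s) =>
  String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[c]);

// Vulnerable: the reflected parameter is concatenated straight into HTML,
// so a value containing markup becomes markup in the victim's browser.
function renderLoginVulnerable(query) {
  const msg = query.get('msg') ?? '';
  return `<html><body>
<div id="notice">${msg}</div>
<form method="post" action="/login">
  <input name="user"><input name="pass" type="password"><button>Login</button>
</form></body></html>`;
}

// Hardened: identical page, but the parameter is HTML-encoded before it is
// placed in element content, so "<" can no longer open a tag.
function renderLoginSafe(query) {
  const msg = query.get('msg') ?? '';
  return `<html><body>
<div id="notice">${escapeHtml(msg)}</div>
<form method="post" action="/login">
  <input name="user"><input name="pass" type="password"><button>Login</button>
</form></body></html>`;
}

// Marker payload a tester would use: harmless, but unmistakable in a response
// and executable if it lands in the DOM unencoded.
const PROBE = '<svg/onload=alert(document.domain)>';

// Build the crafted link the attacker would hand to a victim. URLSearchParams
// percent-encodes the payload, which the server decodes before reflecting it.
function craftUrl(loginPageUrl) {
  const u = new URL(loginPageUrl);
  u.searchParams.set('msg', PROBE);
  return u.toString();
}

// True when the marker appears verbatim (unencoded) in the response body.
// An encoded reflection ("&lt;svg...") is not a finding.
function isReflectedUnescaped(html, marker = PROBE) {
  return html.includes(marker);
}

// Stand-alone demo against both renderers (constructed input).
const demoQuery = new URLSearchParams({ msg: PROBE });
console.log('crafted link:', craftUrl('https://nms.example:8060/login'));
console.log('vulnerable page reflects payload:', isReflectedUnescaped(renderLoginVulnerable(demoQuery)));
console.log('hardened page reflects payload:  ', isReflectedUnescaped(renderLoginSafe(demoQuery)));
```

Two caveats a practitioner would want: the probe compares the raw response body, so it must be run against the server's HTTP response rather than the DOM a browser has already normalised; and `escapeHtml` is only correct for element content and quoted attribute values, so a reflection into a `<script>` block, an event-handler attribute, or a URL needs context-specific encoding instead.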
Impact
Successful exploitation lets the attacker run arbitrary JavaScript in the victim's browser within the application's origin, on the very page where credentials are entered. Practical outcomes are credential theft (for example, by tampering with the login form), theft of any session cookie not marked HttpOnly, or defacement of the login page. The CVSS v3 base score is 4.3 (Medium severity), reflecting the need for user interaction and the limited scope of impact [1].
Mitigation
ManageEngine released fixed builds as indicated in the advisory: OpManager build 128566 (26-May-2025); the other affected products received corresponding fixes on later dates, the last on 22-July-2025 [1]. Users should upgrade to the latest build or apply the update pack for their product version, checking the installed build number of each product against the advisory rather than assuming a single fixed build across the family. No workarounds are documented; upgrading is the recommended action [1].
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (3)
- Range: <= 128565
- Range: <= 128565
- Range: <= 128565
Patches (0)
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References (1)
News mentions (0)
No linked articles in our index yet.