CVE-2025-9226
Description
Zohocorp ManageEngine OpManager, NetFlow Analyzer, and OpUtils versions prior to 128582 are affected by a stored cross-site scripting vulnerability in the Subnet Details.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Stored XSS in ManageEngine OpManager, NetFlow Analyzer, and OpUtils allows low-privileged users to inject malicious JavaScript via subnet details.
Vulnerability
Overview
CVE-2025-9226 is a stored cross-site scripting (XSS) vulnerability affecting Zohocorp ManageEngine OpManager, NetFlow Analyzer, and OpUtils versions prior to build 128582 (or the corresponding fixed builds 128570/128465 for earlier branches). The flaw resides in the Subnet Details input field, where user input is not properly sanitized, allowing an authenticated low-privileged user with permission to modify subnet details to inject arbitrary JavaScript payloads [1].
Exploitation
An attacker must be authenticated and hold the privileges required to modify subnet details. The injected payload is stored on the server and subsequently executed when any other user (including administrators) accesses the affected page. No special network position is required beyond normal application access [1].
Impact
Successful exploitation enables the attacker to execute malicious scripts in the context of the victim's browser session. This can lead to session hijacking, data theft, or further actions within the application as the victim user. The vulnerability is rated Medium (CVSS 4.6) [1].
Mitigation
The vendor has released fixed builds (128582, 128570, 128465) that escape and safely render user input as plain text, preventing script execution. Users should upgrade to the latest build as per the advisory instructions [1].
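To make concrete what "escape and safely render user input as plain text" means for a field like Subnet Details, the following is an added example and not ManageEngine's code: the rendering functions, the column name and the stored sample value are all constructed for illustration. It places an unsafe render (stored value interpolated straight into markup) beside a hardened one that HTML-escapes the value first, so markup stored by a low-privileged user reaches other users' browsers as inert text.

```javascript
// Added example (not ManageEngine code): contrasting unsafe HTML rendering of a
// stored "subnet details" value with escaping the value before it is rendered.

// Constructed sample of a stored Subnet Details value that carries markup.
const STORED_SUBNET_DETAILS = 'Lab subnet <script>alert(1)</script> for testing';

// Minimal HTML escape for the element-text and quoted-attribute contexts:
// the five characters that can close text content or a quoted attribute.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Unsafe pattern: the stored value is interpolated directly into markup, so
// any tags it contains become part of the DOM when the page is viewed.
function renderSubnetRowUnsafe(details) {
  return `<td class="subnet-details">${details}</td>`;
}

// Hardened pattern: the stored value is escaped, so the browser displays it
// as literal text and never parses it as markup.
function renderSubnetRowSafe(details) {
  return `<td class="subnet-details">${escapeHtml(details)}</td>`;
}

// Crude check for the demonstration only: does the produced markup still
// contain a raw <script> start tag? (Real tests would parse the DOM instead.)
function containsRawScriptTag(html) {
  return /<script\b/i.test(html);
}

// Stand-alone run: print both renderings for comparison.
console.log('unsafe:', renderSubnetRowUnsafe(STORED_SUBNET_DETAILS));
console.log('safe:  ', renderSubnetRowSafe(STORED_SUBNET_DETAILS));
```

The same principle applies on the client side: when existing page code assigns a stored value with `innerHTML`, switching to `textContent` gives the browser's own text-only rendering and removes the need for manual escaping at that point. Escaping must match the context (HTML text, attribute, URL, or JavaScript string); the function above covers the first two only.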
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: < 128582
- Range: < 128582
- Range: < 128582
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
News mentions
No linked articles in our index yet.