CVE-2025-9227
Description
Zohocorp ManageEngine OpManager versions 128609 and below are vulnerable to a stored XSS vulnerability in the SNMP trap processor.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
ManageEngine OpManager versions ≤128609 are vulnerable to stored XSS in the SNMP trap processor's description field, which, according to the advisory, can be chained to remote code execution.
Vulnerability
A stored cross-site scripting (XSS) vulnerability exists in the SNMP trap processor module of Zohocorp ManageEngine OpManager. The root cause is insufficient sanitization of user-supplied input in the description field of SNMP trap configurations. An attacker with permission to modify SNMP trap processors can inject arbitrary JavaScript code into this field, which is then stored and executed when an administrator views the SNMP Trap Processors page [1].
Exploitation
To exploit this vulnerability, an attacker must have a user account with the privilege to modify SNMP trap processor settings. No additional authentication bypass is needed; the vulnerability is triggered via the administrative interface. When the stored malicious script executes in the context of an admin session, the attacker can leverage the admin's CSRF token and session cookie [1].
Impact
Successful exploitation allows the attacker to perform actions on behalf of the administrator, including session hijacking and further attacks. The advisory states that this can lead to a reverse shell and remote code execution on the OpManager server, giving the attacker full control over the affected system [1].
Mitigation
Zohocorp has released fixed versions for all affected product editions: OpManager (build 128610), OpManager Enterprise (build 128598), OpManager Nexus (build 128588), OpManager Nexus Enterprise (build 128543), and OpManager MSP (build 128466). The fix includes output encoding and input sanitization for the description field. Users should upgrade to the corresponding fixed builds listed in the advisory [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
Range: <=128609
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
News mentions
No linked articles in our index yet.