CVE-2025-41437

MEDIUM

Zohocorp ManageEngine <128565 - XSS

Title source: llm
STIX 2.1

Description

Zohocorp ManageEngine OpManager, NetFlow Analyzer, Network Configuration Manager, Firewall Analyzer and OpUtils versions 128565 and below are vulnerable to Reflected XSS on the login page.

References (1)

Core 1

Scores

CVSS v3 4.3
EPSS 0.0022
EPSS Percentile 11.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
ManageEngine/OpManager < 128566
Published Jun 09, 2025
Tracked Since Feb 18, 2026