ManageEngine Family November 2025 Security Update Advisory

Overview

 

Zoho(https://www.zohocorp.com/) has released a security update that addresses a vulnerability in its ManageEngine suite of products. Users of affected products are advised to update to the latest version.

 

Affected Products

 

 

Exchange Reporter Plus build 5723 or earlier

Analytics Plus on-premises build versions below 6170

 

Resolved Vulnerabilities

 

High Impact Cross Site Scripting (XSS) Vulnerability in Exchange Reporter Plus (CVE-2025-7632) [1]

High Impact Cross Site Scripting (XSS) Vulnerability in Exchange Reporter Plus (CVE-2025-7429) [2]

High Impact Cross Site Scripting (XSS) Vulnerability in Exchange Reporter Plus (CVE-2025-7633) [3]

High Impact Cross Site Scripting (XSS) Vulnerability in Exchange Reporter Plus (CVE-2025-7430) [4]

SQL Injection Vulnerability in Analytics Plus with a Severe Impact Rating (CVE-2025-8324) [5]

 

Vulnerability Patches

 

Please follow the security advisory published on November 11 to update to the appropriate version and the latest version.

Exchange Reporter Plus version 5724

Analytics Plus build 6171 version

 

Referenced Sites

 

[1] CVE-2025-7632 – Stored XSS Vulnerability

https://www.manageengine.com/products/exchange-reports/advisory/CVE-2025-7632.html

[2] CVE-2025-7429 – Stored XSS Vulnerability

https://www.manageengine.com/products/exchange-reports/advisory/CVE-2025-7429.html

[3] CVE-2025-7633 – Stored XSS Vulnerability

https://www.manageengine.com/products/exchange-reports/advisory/CVE-2025-7633.html

[4] CVE-2025-7430 – Stored XSS Vulnerability

https://www.manageengine.com/products/exchange-reports/advisory/CVE-2025-7430.html

[5] CVE-2025-8324 – Unauthenticated SQL Injection Vulnerability

https://www.manageengine.com/analytics-plus/CVE-2025-8324.html