CVE-2025-9227
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-11

Last updated on: 2025-11-11

Assigner: ManageEngine

Description
Zohocorp ManageEngine OpManager versions 128609 and below are vulnerable to Stored XSS Vulnerability in the SNMP trap processor.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-11
Last Modified
2025-11-11
Generated
2026-06-16
AI Q&A
2025-11-11
EPSS Evaluated
2026-06-15
NVD
CVE-2025-9227
Affected Vendors & Products
Showing 5 associated CPEs
Vendor Product Version / Range
zohocorp manageengine_opmanager_enterprise_edition *
zohocorp manageengine_opmanager_msp *
zohocorp manageengine_opmanager_plus_enterprise_edition *
zohocorp manageengine_opmanager_plus *
zohocorp manageengine_opmanager *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-9227 is a Stored Cross-Site Scripting (XSS) vulnerability in the SNMP Trap Processor module of ManageEngine OpManager products. It occurs in the Description field where a user with permission to modify it can inject malicious JavaScript code. This code executes when an administrator views the SNMP Trap Processors page, allowing the attacker to use the admin's CSRF token and session to gain a reverse shell and execute remote code on the server. [1]

Impact Analysis

This vulnerability can allow an attacker to execute arbitrary code on the server remotely by exploiting the administrator's session. This can lead to unauthorized access, control over the server, data compromise, and potentially further attacks within the network. [1]

Detection Guidance

This vulnerability can be detected by checking if your ManageEngine OpManager product version is at or below the affected builds (e.g., OpManager up to build 128609). Specifically, you can verify the version/build number of your OpManager installation. Additionally, inspecting the SNMP Trap Processor's Description field for suspicious or unexpected JavaScript code injections may help identify exploitation attempts. There are no specific commands provided in the resources for detection. [1]

Mitigation Strategies

Immediate mitigation steps include upgrading your ManageEngine OpManager product to the fixed versions: build 128610 or later for OpManager, or the corresponding fixed builds for other editions as listed. The fix sanitizes user input in the Description field to prevent script injection. Users should download and apply the latest upgrade packs as per the official instructions. Additionally, restricting permissions to modify the SNMP Trap Processor Description field to trusted users can reduce risk until the patch is applied. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-9227. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart