CVE-2025-9226
Unknown Unknown - Not Provided
Stored XSS in ManageEngine Subnet Details Affects Multiple Products

Publication date: 2026-01-30

Last updated on: 2026-01-30

Assigner: ManageEngine

Description
Zohocorp ManageEngine OpManager, NetFlow Analyzer, and OpUtils versions prior to 128582 are affected by a stored cross-site scripting vulnerability in the Subnet Details.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-30
Last Modified
2026-01-30
Generated
2026-06-16
AI Q&A
2026-01-30
EPSS Evaluated
2026-06-14
NVD
CVE-2025-9226
Affected Vendors & Products
Showing 7 associated CPEs
Vendor Product Version / Range
zohocorp manageengine_opmanager to 128582 (exc)
zohocorp netflow_analyzer to 128582 (exc)
zohocorp oputils to 128582 (exc)
zohocorp manageengine_opmanager_enterprise_edition to 128582 (exc)
zohocorp manageengine_opmanager_plus to 128582 (exc)
zohocorp manageengine_opmanager_plus_enterprise_edition to 128582 (exc)
zohocorp manageengine_opmanager_msp to 128582 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-9226 is a stored Cross-Site Scripting (XSS) vulnerability in ManageEngine products like OpManager, NetFlow Analyzer, and OpUtils. It allows an authenticated, low-privileged user with permission to modify subnet details to inject malicious JavaScript code into the subnet details input field. This malicious code is stored and executed when other users view the affected page, potentially compromising their sessions or enabling unauthorized actions. [1]

Impact Analysis

This vulnerability can impact you by allowing attackers to execute malicious scripts in the context of other users' browsers when they view the subnet details page. This can lead to session hijacking, unauthorized actions performed on behalf of users, and potential compromise of sensitive information accessible through the application. [1]

Detection Guidance

This vulnerability can be detected by verifying if your ManageEngine products (OpManager, NetFlow Analyzer, OpUtils) are running affected versions between build numbers 128464 and 128581. Since the vulnerability involves stored XSS in the subnet details input field, detection involves checking if malicious JavaScript payloads have been injected into subnet details by authenticated users with modification permissions. There are no specific commands provided to detect the vulnerability or payloads on the network or system in the provided resources. [1]

Mitigation Strategies

To mitigate this vulnerability immediately, you should upgrade your ManageEngine products to the fixed versions starting from builds 128465, 128570, or 128582 as applicable. The fix properly escapes and safely renders all user input from the subnet details field to prevent execution of injected JavaScript. Additionally, ensure that only trusted users have permission to modify subnet details. For further assistance, you can contact OpManager support at [email protected]. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-9226. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart