ReDOS Vulnerability in Zohocorp ManageEngine Exchange Reporter Plus
CVE-2025-5342

4.3MEDIUM

Key Information:

Vendor: Zohocorp
Status: Manageengine Exchange Reporter Plus
Vendor: CVE Published:; 30 October 2025

What is CVE-2025-5342?

The ManageEngine Exchange Reporter Plus by Zohocorp is susceptible to a Regular Expression Denial of Service (ReDOS) vulnerability in its search module. This vulnerability could allow an attacker to exploit inefficient regex patterns, potentially leading to service disruption and denial of access to legitimate users. Immediate patching and mitigation measures are advised to ensure system integrity.

Affected Version(s)

ManageEngine Exchange Reporter Plus 0 <= 5721

References

https://www.manageengine.com/products/exchange-reports/ad...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 30, 2025
Vulnerability Reserved
May 30, 2025

JSON