Stored XSS Vulnerability in ManageEngine OpManager by Zohocorp
CVE-2025-9227

6.5 MEDIUM

Key Information:

Vendor: Zohocorp

CVE Published: 11 November 2025

What is CVE-2025-9227?

ManageEngine OpManager versions 128609 and earlier contain a stored cross-site scripting (XSS) vulnerability that allows an attacker to execute arbitrary JavaScript code within the context of another user's session. The vulnerability is triggered through the SNMP trap processor, which can store malicious scripts. If exploited, it risks compromising user data and session integrity, potentially leading to unauthorized actions within the application.

Affected Version(s)

ManageEngine OpManager: versions from 0 up to and including 128609

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
