CVE-2025-9787

Stored DOM XSS in the search functionality of the create or edit NOC view.

Vulnerability Details
Severity: Medium
CVE ID: CVE-2025-9787
Affected software versions: Version 177400 and below
Fixed Version: Version 177201 to 177209; Version 177500 and above
Fixed On: 1 September 2025

Details

When creating or editing a NOC view, a stored DOM XSS vulnerability may arise while using the dashboard search field if any dashboard name contains a malicious JavaScript payload.

Impact

This vulnerability lets attacker-controlled JavaScript execute in the victim's browser, where it can carry out any of the actions available to the victim's role in Applications Manager.

Fix

Applications Manager version 177500 and above (refer above for other fixed versions) fixes this issue by using DOM-safe APIs to render the dashboard name.
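
The difference between parsing a stored dashboard name as HTML and assigning it as text, shown as an added example (not ManageEngine's code). The function names, the `listEl` and `doc` parameters and the sample dashboards are assumptions made for illustration.

```javascript
// Added illustration of the bug class; not Applications Manager source code.
// Constructed sample data: the second name carries markup, as a stored payload would.
const SAMPLE_DASHBOARDS = [
  { id: 1, name: "Prod DB overview" },
  { id: 2, name: 'Prod <img src=x onerror="alert(1)">' },
];

// Case-insensitive substring match, as a dashboard search field would apply.
function filterDashboards(dashboards, query) {
  const q = query.trim().toLowerCase();
  return dashboards.filter((d) => d.name.toLowerCase().includes(q));
}

// VULNERABLE pattern: the stored name is concatenated into markup and the
// browser parses it as HTML, so any tags or event handlers in it become live.
function renderResultsUnsafe(listEl, dashboards, query) {
  listEl.innerHTML = filterDashboards(dashboards, query)
    .map((d) => `<li data-id="${d.id}">${d.name}</li>`)
    .join("");
}

// SAFE pattern: nodes are created explicitly and the name is assigned through
// textContent, which treats it as text only and never parses it as markup.
// `doc` is the page's `document`; it is passed in so the function can be tested.
function renderResultsSafe(doc, listEl, dashboards, query) {
  const items = filterDashboards(dashboards, query).map((d) => {
    const li = doc.createElement("li");
    li.setAttribute("data-id", String(d.id));
    li.textContent = d.name;
    return li;
  });
  listEl.replaceChildren(...items); // clears old results without touching innerHTML
  return items.length;
}
```

In a browser, call `renderResultsSafe(document, listEl, dashboards, query)` from the search field's input handler; the markup in the second sample name is then displayed literally instead of being interpreted.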

Steps to update

Update your Applications Manager instance to the latest build using the service pack.

Source and Acknowledgements

Find out more about CVE-2025-9787 from the CVE Directory and NIST NVD.

Reported by:

Aishwarya Valsa

Need Help?

For clarification or corrections, please contact our support team or email us at appmanager-support@manageengine.com.
