Security Updates - ZVE-2025-3566 | ManageEngine OpManager

Stored XSS Remote Code Execution - ZVE-2025-3566

Severity: Medium

CVE ID: ZVE-2025-3566

Product name	Affected Version(s)	Fixed Version(s)	Fixed On
OpManager OpManager Enterprise Edition OpManager Plus OpManager Plus Enterprise Edition OpManager MSP NetFlow Analyzer OpUtils	Between 128569 & 128581 Between 128464 & 128569 Below 128464	128582 / 128570 / 128465	30-06-2025

Details:

The stored Cross-Site Scripting (XSS) vulnerability allowed authenticated, low-privileged user with permission to modify subnet details to inject malicious JavaScript payloads. This has been fixed.

Steps to upgrade:

Kindly download the latest upgrade pack from here.
Apply the latest build to your existing product installation as per the upgrade pack instructions provided in the above step.

Source and Acknowledgements

This vulnerability was reported by tuannq x ngockhanhc311.

Kindly contact our product support team for further details, at the below mentioned email address:

OpManager: opmanager-support@manageengine.com