Security Updates

Exchange Reporting Tools » Security Updates

CVE-2025-7429 - Stored XSS vulnerability in Exchange Reporter Plus

Vulnerability Details
Severity High
CVE ID CVE-2025-7429
Affected software versions Build 5723 and below
Fixed version 5724
Fixed on July 25, 2025

Details

Exchange Reporter Plus was reported to have a security vulnerability in the Mails Deleted or Moved report. This has been fixed in build 5724, and its release notes can be found here.

Impact

This vulnerability could allow attackers to create a privileged account within the application and gain unauthorized access to it.

What should I do?

Given the severity of this vulnerability, customers are strongly advised to update Exchange Reporter Plus to the latest build immediately by following the steps given below.

  1. Download the latest service pack from here.
  2. Apply the latest service pack to your existing product installation by following the instructions provided in the above link.

If you have any questions or need assistance updating the product to the latest version, please contact our product support at support@exchangereporterplus.com.

Acknowledgement

This vulnerability was discovered by Ngockhanhc311 from FPT NightWolf.

Exchange Reporter Plus trusted by

A single pane of glass for Exchange Server Monitoring, Reporting and Auditing
HighlightsReportingAuditingMonitoringRelated Products