Reflected XSS in Login Page - CVE-2025-41437

Severity: Medium

CVE ID: CVE-2025-41437

Product name:
OpManager
OpManager Enterprise Edition
OpManager Plus
OpManager Plus Enterprise Edition
OpManager MSP
NetFlow Analyzer
Network Configuration Manager
Firewall Analyzer
OpUtils

Affected Version(s)    Fixed Version(s)    Fixed On
128565                 128566              26-05-2025
128551 to 128554       128555              20-05-2025
128509 to 128541       128542              22-07-2025
128462 and below       128463              05-06-2025

Details:

The reflected XSS vulnerability that allowed JavaScript injection on the login page has been identified and fixed.

Steps to upgrade:

  1. Kindly download the latest upgrade pack from here.
  2. Apply the latest build to your existing product installation as per the upgrade pack instructions provided in the above step.

Source and Acknowledgements:

This vulnerability was reported by Andrey Alekseev (Positive Technologies).

Kindly contact our product support teams for further details, at the email address mentioned below:

 