Account Takeover Vulnerability in ManageEngine Analytics Plus and Zoho Analytics
CVE-2025-1724

Currently unrated

Key Information:

Vendor

Zohocorp

CVE Published:
17 March 2025

Badges

📰 News Worthy

What is CVE-2025-1724?

Zohocorp's ManageEngine Analytics Plus and Zoho Analytics on-premise versions prior to 6130 contain a vulnerability that allows unauthorized access through an Active Directory (AD) only account takeover. This flaw arises from the presence of a hardcoded sensitive token, which can be exploited by malicious actors to gain control over accounts without proper credentials. It is crucial for users of these products to upgrade to the latest versions to mitigate potential security risks.


News Articles

ManageEngine Analytics Vulnerability Enables User Account Takeover

A significant security vulnerability has been identified in ManageEngine's Analytics Plus on-premise solution, affecting all Windows builds below version 6130.


Timeline

  • 📰 First article discovered by GBHackers News

  • Vulnerability published
