Account Takeover Vulnerability in ManageEngine Analytics Plus and Zoho Analytics
CVE-2025-1724

Currently unrated

Key Information:

Vendor: Zohocorp

CVE Published: 17 March 2025

Badges

📰 News Worthy

What is CVE-2025-1724?

Zohocorp's ManageEngine Analytics Plus and Zoho Analytics on-premise versions prior to 6130 contain a vulnerability that allows takeover of Active Directory (AD)-only accounts. The flaw arises from a hardcoded sensitive token, which malicious actors can exploit to gain control over accounts without proper credentials. Users of these products should upgrade to the latest versions to mitigate the risk.

News Articles

ManageEngine Analytics Vulnerability Enables User Account Takeover

A significant security vulnerability has been identified in ManageEngine's Analytics Plus on-premise solution, affecting all Windows builds below version 6130.

Timeline

  • 📰 First article discovered by GBHackers News

  • Vulnerability published
