Unauthenticated SQL Injection in Zohocorp ManageEngine Analytics Plus
CVE-2025-8324
9.8 CRITICAL
What is CVE-2025-8324?
Zohocorp's ManageEngine Analytics Plus versions 6170 and earlier are vulnerable to unauthenticated SQL injection. The issue arises from an improper filtering configuration, and exploitation could lead to unauthorized access to sensitive data stored in the database. Organizations using affected versions should prioritize immediate patching to mitigate potential data breaches and ensure system integrity.
Affected Version(s)
ManageEngine Analytics Plus 0 < 6171
EPSS Score
6% chance of being exploited in the next 30 days.
CVSS V3.1
Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved