Critical Zoho Analytics Plus Flaw Allows Attackers to Run Arbitrary SQL Queries

A critical unauthenticated SQL injection vulnerability has been discovered in Zoho Analytics Plus on-premise, posing a severe risk to organizations running affected versions.

Tracked as CVE-2025-8324, this flaw enables attackers to execute arbitrary SQL queries without authentication, potentially leading to unauthorized data exposure and account takeovers.

CVE ID: CVE-2025-8324
Product: Analytics Plus on-premise
Severity: Critical
Affected Versions: Below Build 6170
Fixed Version: Build 6171

Vulnerability Overview

The vulnerability stems from insufficient input validation in Analytics Plus on-premise builds before 6170. Because the affected endpoints are reachable without authentication, an attacker can interact directly with the backend database without first obtaining valid credentials.

This type of vulnerability is particularly dangerous because it requires no user interaction and can be exploited remotely by unauthenticated attackers.

CVE-2025-8324 represents a critical security risk, classified at the highest severity level due to its potential impact and ease of exploitation.

The flaw affects organizations using older versions of the software, leaving them vulnerable to data breaches and unauthorized access to sensitive information.

The implications of this SQL injection vulnerability are severe. Attackers exploiting CVE-2025-8324 could access sensitive user data stored in Analytics Plus databases, including credentials, personal information, and business intelligence.

The vulnerability could facilitate account takeovers, enabling attackers to impersonate legitimate users and perform unauthorized actions within the system.

Furthermore, attackers could modify database records, delete critical information, or establish persistent access to affected systems.

Organizations relying on Analytics Plus for data analysis and reporting could face significant operational disruption and reputational damage if this vulnerability is exploited.

The vulnerability was introduced due to inadequate input sanitization in specific application endpoints.

Attackers can craft malicious SQL fragments and inject them through vulnerable parameters; the application concatenates these values into its queries, which are then executed against the database without proper validation. This allows complete compromise of database integrity and confidentiality.
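The following is an added illustration of the injection pattern described above, written for this page rather than taken from Zoho's code: the schema, the table name, the lookup function and both payloads are constructed assumptions, since the article does not disclose the affected endpoints or parameters. It shows the vulnerable string-concatenated query next to the parameterized fix, and runs both against the same attacker inputs.

```python
import sqlite3

# Constructed in-memory database standing in for an analytics backend. This is
# an illustrative example, not Zoho's code or schema.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, "
        "email TEXT, password_hash TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, email, password_hash) VALUES (?, ?, ?)",
        [("alice", "alice@example.com", "hash-a"), ("bob", "bob@example.com", "hash-b")],
    )
    return conn

def lookup_user_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    # VULNERABLE: the request parameter is concatenated straight into the SQL
    # text, so a quote in the input ends the string literal and whatever
    # follows is parsed as SQL.
    sql = "SELECT username, email FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()

def lookup_user_fixed(conn: sqlite3.Connection, username: str) -> list:
    # FIXED: a bound parameter is handed to the driver separately from the SQL
    # text and is only ever treated as a value, never as SQL.
    sql = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()

# Two constructed attacker inputs: a tautology that matches every row, and a
# UNION that pulls password hashes out of a column the endpoint never exposes.
TAUTOLOGY = "' OR '1'='1"
UNION_DUMP = "x' UNION SELECT username, password_hash FROM users --"

if __name__ == "__main__":
    conn = make_db()
    print("normal:   ", lookup_user_vulnerable(conn, "alice"))
    print("tautology:", lookup_user_vulnerable(conn, TAUTOLOGY))
    print("union:    ", lookup_user_vulnerable(conn, UNION_DUMP))
    print("fixed:    ", lookup_user_fixed(conn, TAUTOLOGY), lookup_user_fixed(conn, UNION_DUMP))
```

With the vulnerable function, the tautology returns every user and the UNION payload returns every user's password hash, which is the "unauthorized data exposure" the advisory warns about; the parameterized version returns nothing for either input because the whole string is compared as a literal username. Escaping or filtering quotes is not a substitute for binding parameters.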

Zoho has released Build 6171 as the fixed version, addressing the vulnerability by enforcing strict restrictions on vulnerable URLs and removing insecure code.

Organizations running Analytics Plus on-premise must immediately upgrade to Build 6171 or later to mitigate the risk.

The upgrade process involves downloading the latest service pack from the ManageEngine service pack repository and following detailed installation instructions.

Organizations should prioritize this update given the vulnerability's critical nature and its potential for widespread exploitation. All organizations running Analytics Plus on-premise builds below 6170 should treat this update as urgent.

Because the flaw is reachable without authentication and carries a critical severity rating, unpatched instances are attractive targets and could be exploited if left unpatched.

For technical support and upgrade assistance, affected organizations can contact the Analytics Plus support team.

Organizations should also review web-server and application logs for signs of prior exploitation, since installing the patch closes the hole but does not undo any access an attacker has already gained.
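As an added example of that review step (not from the article or from Zoho), the script below scans web-server access-log lines for common SQL injection indicators in the URL-decoded request target. The log lines are constructed samples in combined log format, and the request paths are hypothetical placeholders, because the page does not name the vulnerable Analytics Plus endpoints; in practice the patterns would be applied to the real server's logs.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample access-log lines (combined log format). The request paths
# are hypothetical placeholders, not the real vulnerable Analytics Plus endpoints.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Sep/2025:12:01:03 +0000] "GET /api/report?id=42 HTTP/1.1" 200 1532
203.0.113.55 - - [10/Sep/2025:12:01:09 +0000] "GET /api/report?id=42%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 88211
203.0.113.55 - - [10/Sep/2025:12:01:15 +0000] "GET /api/report?id=0%20UNION%20SELECT%20username,password_hash%20FROM%20users-- HTTP/1.1" 200 90045
198.51.100.7 - - [10/Sep/2025:12:02:00 +0000] "GET /login?user=o%27brien HTTP/1.1" 200 512
203.0.113.55 - - [10/Sep/2025:12:02:31 +0000] "GET /api/report?id=42%20AND%20SLEEP(5) HTTP/1.1" 200 1532
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

# Coarse SQL injection indicators, matched against the URL-decoded request target.
# A quote followed by OR/AND is used instead of a bare quote so that legitimate
# values such as o'brien are not flagged.
INDICATORS = [
    ("quote-then-boolean", re.compile(r"'\s*(OR|AND)\b", re.I)),
    ("union-select", re.compile(r"\bUNION\b.*\bSELECT\b", re.I | re.S)),
    ("sql-comment", re.compile(r"(--|/\*)")),
    ("time-based", re.compile(r"\b(SLEEP|BENCHMARK|PG_SLEEP|WAITFOR)\b", re.I)),
    ("stacked-query", re.compile(r";\s*(DROP|INSERT|UPDATE|DELETE|ALTER)\b", re.I)),
]

def decode_target(target: str) -> str:
    # Decode repeatedly (bounded) so double-encoded payloads such as %2527 are seen.
    prev, cur = None, target
    for _ in range(3):
        if cur == prev:
            break
        prev, cur = cur, unquote_plus(cur)
    return cur

def scan_log(text: str) -> list:
    # Returns one record per request that matches at least one indicator.
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        decoded = decode_target(m.group("target"))
        matched = [name for name, rx in INDICATORS if rx.search(decoded)]
        if matched:
            hits.append({
                "ip": m.group("ip"),
                "timestamp": m.group("ts"),
                "status": int(m.group("status")),
                "target": decoded,
                "indicators": matched,
            })
    return hits

def suspicious_sources(hits: list) -> dict:
    # Count flagged requests per client address to surface repeat offenders.
    counts = {}
    for h in hits:
        counts[h["ip"]] = counts.get(h["ip"], 0) + 1
    return counts

if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG)
    for h in found:
        print(h["timestamp"], h["ip"], h["status"], h["indicators"], h["target"])
    print(suspicious_sources(found))
```

On the sample data this flags three requests, all from one source, and leaves the legitimate o'brien lookup alone. Two caveats for real use: access logs only show GET query strings, so injection through POST bodies needs application or WAF logs; and a flagged request that returned HTTP 200 with an unusually large response body (as in the sample UNION line) is the one to escalate first, because it indicates the query actually ran and returned data.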
