Refine your search
1 vulnerability found for ManageEngine Analytics Plus by Zohocorp
CVE-2025-8324 (GCVE-0-2025-8324)
Vulnerability from cvelistv5
Published
2025-11-11 13:04
Modified
2026-02-26 16:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Summary
Zohocorp ManageEngine Analytics Plus versions 6170 and below are vulnerable to Unauthenticated SQL Injection due to the improper filter configuration.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zohocorp | ManageEngine Analytics Plus |
Version: 0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8324",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-13T04:55:24.080236Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T16:57:58.697Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ManageEngine Analytics Plus",
"vendor": "Zohocorp",
"versions": [
{
"lessThan": "6171",
"status": "affected",
"version": "0",
"versionType": "6171"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6171",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Zohocorp ManageEngine Analytics Plus versions\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e6170 and below are vulnerable to Unauthenticated SQL Injection due to the improper filter configuration.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Zohocorp ManageEngine Analytics Plus versions\u00a06170 and below are vulnerable to Unauthenticated SQL Injection due to the improper filter configuration."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-11T13:05:23.940Z",
"orgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"shortName": "Zohocorp"
},
"references": [
{
"url": "https://www.manageengine.com/analytics-plus/CVE-2025-8324.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SQL Injection",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"assignerShortName": "Zohocorp",
"cveId": "CVE-2025-8324",
"datePublished": "2025-11-11T13:04:00.573Z",
"dateReserved": "2025-07-30T06:00:05.522Z",
"dateUpdated": "2026-02-26T16:57:58.697Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}