PT-2025-39231 · Undefined · Undefined
Published
2025-09-23
·
Updated
2025-09-23
·
CVE-2024-19234
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Yes, Zoho has faced several security issues:
-
2021: ManageEngine ADSelfService Plus vulnerability (CVE-2021-40539) exploited by APT27, affecting 9+ organizations and 11,000+ servers with Godzilla Webshell malware. Patched by Zoho.
-
2022: Critical RCE flaw in ManageEngine led to BankingLab breach, exposing fintech client data (e.g., SQL dumps, keys). Patched in June 2022.
-
2023-2024: Vulnerabilities like CVE-2023-46578 (RCE), CVE-2024-19234 (Zoho Vault encryption bypass), and API misconfigs in CRM.
Zoho typically responds with patches and tools. No major breaches listed on Wikipedia.
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Undefined