PT-2025-40613 · Zohocorp · Analytics Plus+1
Published 2025-10-03 · Updated 2025-10-26
CVE-2025-9428
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
ManageEngine Analytics Plus versions 6171 and prior
Description
The software is susceptible to authenticated SQL injection through the key update API. The API endpoint is vulnerable due to improper input validation, potentially allowing an attacker to manipulate database queries. The key parameter in the API request is likely the vulnerable input. There is no information about the number of affected devices or real-world exploitation of this issue.
Recommendations
Update ManageEngine Analytics Plus to a version later than 6171.
Fix
SQL injection
Weakness Enumeration
Related Identifiers
Affected Products
Analytics Plus
Manageengine Analytics Plus