PT-2025-46335 · Manageengine · Manageengine Analytics Plus

Published

2025-11-11

Updated

2025-12-21

CVE-2025-8324

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions ManageEngine Analytics Plus versions 6170 and below

Description ManageEngine Analytics Plus versions 6170 and below are susceptible to an Unauthenticated SQL Injection due to improper filter configuration. This allows an attacker to execute arbitrary SQL queries against the application's backend database without authentication. Malicious SQL payloads can manipulate or extract sensitive data, potentially compromising the application and its database.

Recommendations Versions prior to 6170 should be updated.

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

BDU:2025-14639

CVE-2025-8324

Affected Products

Manageengine Analytics Plus

PT-2025-46335 · Manageengine · Manageengine Analytics Plus

CVE-2025-8324

Weakness Enumeration

Related Identifiers

Affected Products

References · 16