CVE-2025-8324SQL Injection in Manageengine Analytics Plus

CWE-89SQL Injection3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
2.2%
top 15.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Zohocorp Manageengine Analytics Plus
Timeline
PublishedNov 11

Description

Zohocorp ManageEngine Analytics Plus versions 6170 and below are vulnerable to Unauthenticated SQL Injection due to the improper filter configuration.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

🔴Vulnerability Details

2
CVEList
SQL Injection2025-11-11
GHSA
GHSA-3vrj-524h-5r3h: Zohocorp ManageEngine Analytics Plus versions 6170 and below are vulnerable to Unauthenticated SQL Injection due to the improper filter configuration2025-11-11
CVE-2025-8324 — SQL Injection | cvebase